This is an idealism vs realism fight. You're both right in that you're both fighting for the end user to have ultimate control of their device.
However, there's a major caveat here. Google's play protect prevents me from using some apps on my phone running graphene. My banking app is one of them. Yes I know there's technical workarounds. Yes I know they have a website (for now). But the point is, this is the direction stuff is moving. Fully signed devices from power-on through the entire stack and a flag that warns software if that breaks. Yes, it's a win for security. But I have zero control. Google has all the keys to all the doors and graphene can't do anything about it. Nor can I. And Google has very little incentive to change this.
I fear this is the direction things are moving to. Phones will be tied to our identity. Web will be depreciated as a security risk. Only one of the two options you two are fighting over fixes this: power must be taken from these mega corporations.
> Google's play protect prevents me from using some apps on my phone running graphene. My banking app is one of them.
Well, your bank is the one choosing to prevent your from running it on GrapheneOS. That's my whole point again! We need to regulate that: it should be forbidden to ban alternative OSes!
Now complaining about the fact that side-loading will require a ONE TIME, "annoying" procedure is not helping this AT ALL. It's just "oh no, I could do it with one click, and now I have to do it in 9 clicks, that's terrible, we need to bring it back to 2 clicks because anyway we won't win if we hope to bring it back to 1 click".
I'm exaggerating of course, it is a big problem for e.g. F-Droid (and maybe others?). But my point is that it's just cosmetic, it's not helping the cause. It's not moving us one inch closer to a better world. On the contrary: it's monopolising the attention of policymakers. They already don't understand much, and we flood them with complaints they don't understand (because really, 99.99% of the Android users don't give a shit about side loading, why would the policymakers care?).
The solution is simple: make it mandatory to allow alternative OSes (which is pretty much as simple as making it mandatory to unlock/relock the bootloader, and maybe remove a few other barriers that exist just for locking us in) and making it illegal to ban alternative OSes with Play Integrity (which is what banks are doing). That's all. No need to fight every decision Google makes and still lose every single time.
We need to get our act together and get the policymakers to do the right thing. But to be fair to the policymakers, technical people on the internet are asking for everything and its contrary.
I'd be happy with either approach, frankly. I just think yours is slightly less realistic.
> Well, your bank is the one choosing to prevent your from running it on GrapheneOS. That's my whole point again! We need to regulate that: it should be forbidden to ban alternative OSes!
The bank isn't banning graphene os. They're banning anything Google labels as untrusted. I think that's an important distinction. This is Google's doing. I don't have the ability to declare "this is my device and I trust it and everything on it" to the banks. And I can see Google's point in that it would be extremely difficult to do this in a way that couldn't be exploited maliciously. Are there ways for the .001 percent of people out there who understand this? Absolutely. But only if our overlords let us and even then we're back to the point that this is only for the people in the know.
Which is why I personally don't think enforcing alt OSes will help. We have it now; most people don't know and wouldn't care if they did. Play protect is the same. The amount of people this would impact is beyond minimal. However the problem isn't minimal; this is already a huge problem and it's getting bigger quickly. Giving people the keys won't fix it fast enough, or for enough people.
Tech already controls our life and that fact is only getting more worrisome. It's past time for the governments to treat this the same as electricity. Everything standardized, everything regulated, and I can plug whatever the hell I want into it. I don't want to just break free for myself. In order to really make change, my grandma needs to think of her phone like a power outlet.
> The bank isn't banning graphene os. They're banning anything Google labels as untrusted.
I don't agree here :-). AOSP provides an attestation mechanism that totally works with GrapheneOS [1]. Google provides Play Integrity on top of that, as an easy way to check that the phone is signed by Google. It doesn't say "it's unsafe if it is not signed by us", it just says "here is a way to verify that it is signed by us".
The bank chooses to check that it is signed by Google and to refuse everything that is not. The bank chooses that.
First, they don't need to check at all. Many banks don't, it seems like it's a new thing. I don't believe that there is any security concern there: it probably has to do with policy, or security theatre. It isn't serious security, because serious security would not ban GrapheneOS. I doubt it is to help Google, I think it's just incompetence (and a cheap way to do security theatre).
Most apps run on GrapheneOS, most apps don't use Play Integrity. Those who do choose to do it. And there are banks that choose to support the GrapheneOS attestation, though it's the exception.
I feel like this is semantics. I don't know all what they say, but I'd eat my breakfast cold if the word "safety" didn't come up in the PowerPoint deck. We may have to agree to disagree on this.
My point was that this is the direction the world is moving to. Maybe it's not total coverage yet, but every year more and more of our stuff only operates with verified trust through the entire process. Everything from video games to movies to programs. We're already sitting here complaining about Google enforcing developer verification, how long until Google turns on play integrity by default? And then how long until it's the only option? It'll come if something doesn't change.
And I still agree with the post way up above that these devices are too important now. I don't care about Google's interests here.
> My point was that this is the direction the world is moving to.
And I agree with that, but it feels to me like it reinforces my initial point: fighting the Google flavour of Android is a lost cause.
> We're already sitting here complaining about Google enforcing developer verification
Which isn't a problem on alternative Android OSes like GrapheneOS.
> how long until Google turns on play integrity by default
Agreed. The solution is to be able to use an alternative Android OS like GrapheneOS :-).
> It'll come if something doesn't change.
And what needs to change is that regulations need to make it illegal to actively choose to ban alternative Android OSes.
The thing with regulations is that you need to find something applicable. When people complain about centralised system and lobby for regulations that will help their federated system, without even debating about whether or not the federated system is "better", the fact is that it is not applicable. It is not reasonable to say "so now, if you write a messenger app, it has to use the Matrix protocol because Matrix convinced us of it". If I want to write a different protocol, I should be able to do it, right?
But what I am suggesting here is both reasonable and applicable: currently those banks have to add code to their app in order to ban alternative OSes. If a regulation makes it illegal, they just have to remove it, and banks who don't have it yet just don't add it. It's easy to verify: if my banking app doesn't boot on GrapheneOS, I can complain to the regulator, and the regulator can trivially verify it.
Same thing for allowing to unlock/relock the bootloader: super easy to verify, a regulation would work great.
Now back to the article: what are we asking? That the process of installing an unverified app manually is not made "so hard", with "hard" being some variant of "it's terrible if I have to wait 24h one time in order to enable this", for something that approximately nobody does. Look at all the effort that has been put against this change... and again they will lose. And if they managed (very unlikely) to get regulation for that, they would be screwed next week by the next change.
That's why I say it's the wrong fight: not only it's a lost cause, but it is strictly less useful than the simpler solution of defending alternative Android OSes with simple regulations.
The plan to rely on the presence of alternative OSes is only good so long as those OSes exist. They do today, but it is more of an exception rather than a rule. In a hypothetical scenario, where a signifcant portion of users switch to one of these alternative OSes, there will be an incentive to monetize.
So I'd agree there should be rules what OS should and shouldn't do. And yes, it shouldn't be a fight with an enterprise entity, which has little incentive to restrict itself. It should be a lawmaker level discussion, unfortunately they are pursuing other agendas over there.
> In a hypothetical scenario, where a signifcant portion of users switch to one of these alternative OSes, there will be an incentive to monetize.
Which is why it's better to choose an alternative that is open source, so that when they become evil, you can switch again. It's always been like that: we're fleeing from successful companies becoming evil. What has changed is that those companies have found a way to make it illegal for us to flee, and I suggest we fight against that.
> If you hover over a line of code in your application, coding assistance services will display code strings of supported function calls available through the coding assistance service that are also present in your current code file. Coding assistive services will retrieve snippets from publicly available open source code showing how others are using those same functions. 3. THIRD PARTY COMPONENTS. The software may include third party components with separate legal notices or governed by other agreements, as may be described in the notices file(s) accompanying the software.
I've read that paragraph multiple times (both in the original and in your post) and I don't see anything that says who owns the resulting text. Just where it comes from. Am I missing something obvious?
>will retrieve snippets from publicly available open source code
Pretty sure it depends on the license the open source project uses. I dont think it's too troublesome if the autocomplete was truly only taken from open source projects, but it wouldn't surprise me if most closed source projects are also weighted into these models...
Being a Graphene user is fine and all, but if this continues it will have a chilling effect on OSS Android development. And that will still effect you.
Why isn't it practical? In my life, I've encountered many SWEs that have changed careers. I've met them in national parks working as rangers. In real estate, grocery store butchers, and yak ranchers. Yet I've never once encountered a SWE that was once doing something non-technical and decided to switch.
Purely anecdotal, I know. But still, I prefer to think that all those people discovered this practical advice and are far happier for it. I've never met one that regretted their decision.
Oh, I would consider becoming a park ranger as well, but as a european, I also did not had to go deep in dept, to become a SWE.
And a professor should take that into account and give practical advice. In the real world, solving haskell challenes (of which the prof is fan of) is unfortunately not that useful. People have real needs for working software to solve their real pain points. Not to worship code quality.
Some projects need obviously better code quality (airplanes, medical equipment..) - but not all of them. And if you want to have sacred code when coding a crude throw away app .. you won't get enough money for that. And positions for academics are limited.
I thought about it, but it turns out the clover that people use for lawns isn't native, and I figured that if I'm doing the lawncare, I'm going to go as native as possible. I don't think our natives here in the US - trifolium reflexum and trifolium carolinianum - work very well as a "lawn" like that. I do have the carolinianum seeds that I want to grow in a container. Both are rare, so I want to help keep them in existence.
I'm looking into native sedges right now since they provide a lot of ecological benefit and are better-suited to growing in the soil conditions of my yard.
Around here, it isn't possible to do native lawn. The grasses are too tall and the low groundcovers can't be walked on. I'm trying to plant wildflower meadow but it will be a couple of feet high.
My idea is that there are two types of lawns. There are the lawn you use, and it is fine to be grass. But there is a lot of lawn that is landscaping and that can be native plants.
Oh, do you perhaps mean Theodore Payne Foundation at https://theodorepayne.org/ ? I was just searching Thomas Payne Foundation and that was what came up
I had a yard of mostly white clover years ago. The neat thing is that animals love it, I'd get 3 or 4 rabbits in my yard each morning - they seem to eat the white flower off the top.
The other nice thing is they don't need cutting nearly as often. I only had to cut the lawn because the stray random grasses and weeds that grew among the clovers.
I'd love to get a node working just for fun. But it also seems like a waste since I'm extremely rural. The closest node is 200+ miles away. The chances of seeing any other device but my own connect to it seem slim.
takes away some of the fun of imagining the SHTF-all-corporate-infrastructure-is-gone scenario i guess but i think that for realistic mesh networking applications it’s cool to build out many infrastructure types and enjoy the fact that the mesh will reconfigure itself realtime across a variety of scenarios.
Perhaps there are others in your neighborhood in the same position, who would only get into it if there were other nodes. So be the first, get your friends into it, and maybe more nodes will follow. It's only $30 or so for a device.
They have a decent range (15 miles or more) so depending on how rural you are, you might be able to create a line of repeaters back to a major population center.
Lol, I'm rural enough that the concept of "neighborhood" has no meaning here. I'd have to have a neighbor first. And friends all live further away than 15 miles.
I literally just put the meshtastic antenna on the roof today, in an old services box. Been in the window for months, had a few weird perfect weather moments show a few nodes and a ping. Put it on the roof, hours ago, nothing yet.
Someone has to start up the area! (I live in nowhere maine).
Set it up, and when family visit, give them little LORA pucks to strap onto their belts when they go out on the property. Boom little property wide messaging network. Send out a text when dinner's ready!
I ended up getting a ham radio license and now I get to use technology that actually works (even if it's a little more janky than meshtastic/reticulum).
My friend is across town and I should be able to hit him with the line of sight meshtastic repeater from my house, but I've never been able to.
OTOH, we can hear each other clear on any of the ham bands.
For hobby usage, ham is fantastic. For decentralized communication for the general public, which seems to be Meshcore/Meshtastic’s goal, it’s a nonstarter. There’s just too big a barrier to entry.
And unfortunately Meshtastic fails miserably at that. Meshcore is better, but maybe not anymore. I'm not even sure Lora is the best technology for this either since you'd really want something that can listen to more than 1 channel at a time.
Lora seems to be a great technology for remote sensors within a 1km of each other that can transmit occasional data. But once that single channel fills up, the channel stops working.
Because of the split. But your right, meshtastic does have dumb routing. And I haven't used meshcore, but I probably won't now until the dust settles on this for a while.
I would like to disagree with you here that perfect is the enemy of good for mesh networking. It's not that meshtastic is good, it's not. But the barrier to get to good is far harder than the offerings. There are three primary issues.
1. Lora can typically only receive and listen on one channel at a time. This prevents listening and transmitting on anything but the one channel. If you could have multiple channels, the incidence of radios stomping on each others signals would go down.
2. The FCC limits 900MHz unlicensed operators to 1W of effective radiated power, and Lora really isn't optimized to make that 1W go as far as possible.
3. A good mesh network will have reliable delivery and routing. Meshtastic is more "spray and pray".
FT8 works very well as a digital modulation, and it solves the first two, but it doesn't solve #3 even though it makes it so much easier to design a solution for #3.
For a real life example: FT8 on 5W of RF power can often get my signal from North America to South America, Canada, Australia, Japan, etc.
If you listen to 14.074MHz, that's the channel that primarily is used for FT8 on the 20 meter band. Pick a random Web SDR from this list [0] and tune to that frequency and set it to USB (Upper Side Band). The channel width is only 3Khz, but each one of those squiggly lines is one station transmitting a signal.
I was getting very good signals with this one [1].
I vaguely remember reading an article where someone had somehow transmitted digital signals over HAM, could feasibly be a transport for a reticulum network, right?
Eh, it's a stereotype. In my opinion, they should always be questioned, especially when it's an unkind one like this.
Frankly I'm surprised to see this here. Hackers have had more than their share of hurtful stereotype applied to both our hobby and our personality. We should know better. But perhaps there's a generational divide at work there.
IYKYK. Hams are known for a distinctive personality type that can be at strong odds from other tech people and other comms people. Usually in ways that clash with consequences.
I know a few hams that are chill and they are precious doves. I know quite a few more who I won't even engage with for fear of crossing them and them dedicating their lives to making mine hell. Because I've seen them do it to others.
That's not _just_ the hams, mind you. This behavior is overrepresented in hackerspaces in general. But there's a lot of overlap between those groups. Hasn't changed much in the 40-some-odd years I've been involved there either.
Hurt people hurt people, as they say. The entire field is held back because of trauma. "I could invent something amazing but get screwed out of it because someone else has money and lawyers" is just no way to live. The problem for radio is I could invent the most magical amazing transmitter, but it's worth absolutely nothing if there's no corresponding receiver. Which is to say, open standards are everything. Meshtastic/MeshCore/etc are interesting because they're open. It doesn't have to be. Off-grid mesh communication is a solved problem, just buy a GoTenna. Problem is it's proprietary. But it works, with a whole lot less drama.
There is also a fair bit of demographics at play. Many of the people writing these little applications grew up and imprinted before open source was much of a thing.
I get the sense that a lot of the hams I’ve met have a framed hall-monitor sash from their high school years.
I’ve been sniffing around it as a hobby for decades but there are just a ton of people involved that clearly are exorcising trauma from being bullied or feeling marginalized in their life on a whole. Following and enforcing the rules seemed like the beef big draw for a sadly large chunk of them.
I don't really think its fair to lump hams into that behavioral bucket. It's certainly a personality type that tends to get attracted to lots of different technical hobbies.
> IYKYK. Hams are known for a distinctive personality type that can be at strong odds from other tech people and other comms people. Usually in ways that clash with consequences.
Yes, old mildly misogynist, mildly racist, wellakshually, holier than thou, pro-trumper types.
I was there at Dayton Hamvention (2024) when they had to turn off the 2M repeater because 2 or 3 of them got into a screaming match over trump.
Naturally, I skipped over any trump-flag hanging booth. But the hatred and extreme conservatism is everywhere in the community.
And its not my community any longer. I let my license lapse, and I will not renew. I also sold my radios, except for 2 2M handhelds, just on the off case SHTF.
I'm a radio hacker, not a ham. I'm no liddy elmer. And nor will I perpetrate shit like YL (you g lady) or OL (old lady), which is common vernacular.
It's not even just a pro-trump thing. That's not even the thing particularly annoying about hams because that's annoying across all of society. I can tolerate disagreeing with peoples opinions but not disagreeable/disharmonioous behavior.
Hams act super gatekeepey and act insanely protective/defensive around things that don't actually belong to them. They tend to have a high sense of self-importance around their skillset and try to do their own "enforcement" of rules that they feel empowered to harass people about. Hams tend to be "fixated persons". They care about their personal capabilities and usually some made up authority they think that gives them. All so they can just endlessly chirp hello world at each other. They developed a skillset and then don't do anything useful for the community with it. Notice I said the community and not their community. They love building insular clubs. They act like authority figures _across the whole damn spectrum_ when their purview is tiny.
The coolest radio hacker I ever met was an ex Army radio guy and Desert Storm vet. He ran a licensed LPFM station somewhere in the rust belt but with a pirate radio mindset. Their transmit power was way above what the license allowed but they also weren't bothering anyone :). His station ran afrocentric community/educational content and he ran after school programs teaching teens in his community brodcasting/radio/electronics skills. He helped several of them obtain scholarships. I've rarely if ever seen hams do anything nearly that cool.
It's a simple exam that 10yo kids pass all the time. If someone is complaining about the licencing process, the problem is on that individual, not the system.
Like with roads and cars, radio spectrum is a very limited and very shared resource, and there has to be some regulation, or else some Elon Musk-type person would already take it for themselves for a commercial reason.
It's also self-policed, so that means that hams have to find the problematic entities and hope that authorities with legal power act on those reports.
The devices can also be uncertified (self-certified by a ham technically), so you can cause all sorts of havoc for many other entities, like actual emergency services (a case not long ago in US) or worse.
If you are not able, or for some reason or another don't want to get licenced, there are other ways to communicate, like mentioned meshtastic, which doesn't require a licence on ISM bands, or PMR/FRS radios (or gmrs in us, which does require a licence but you don't have to learn the radio basics for the exam).
Again, like with roads and cars, you expect others there to be mentally capable enough to pass that simple exam and follow the basic rules on the air. If not, they can get a bicycle and argue on the bicycle lane with other cyclists. And the ham exam is much cheaper and easier than a driving exam (in most developed countries at least,
the driving one costs 1keur++ if you finish optimally, whereas over here, a full intro to ham course (a few weeks, usually on zoom) with a printed book and the actual exam costs <100eur, even less with a pdf instead of a book)
The problem isnt the test. In the USA the test is cheap. Books can easily be acquired online.
The problem is hams - the people who are habitually are on amateur radio.
I find them to be incredibly anti-digital, holier than thou, loud about hard-conservative positions, misogynist, racist, and more. And when Ive tried to further the art and science of radio comms, hams are some of the first to talk down what I contributed.
They are people who I dont, and dont want to associate myself with.
Ive also known others that made that assumption when I said I was a ham. Lots of people have had those experiences, and also chosen not to associate with them.
I'm sure this doesnt apply to "all Hams". It does apply to a supermajority in the USA, enough to say that I do not want to be a ham any longer. I already refused to communicate with them, nor associate with them.
Yeah, all that stuff depends where you are located. Up here in Vancouver amateur radio community, any kind of bigoted/discriminatory/exclusionary crap is totally not accepted or tolerated. There are always people experimenting with new things, sharing knowledge/experience, helping each other out. Heck, I built a portable radio pack and made a blog post about it, and my local club included my post (with my permission) in their monthly newsletter. I've also contributed photos to them and attended numerous community events -- always 100% welcoming and there's a strong educational/sharing vibe to all their events. When I hear people complaining about "hams" I'm always thankful to have seen almost none of this stuff locally.
The article said "nearly invisible to the naked eye" (emphasis mine). Between that and the fact the researchers weren't that close to an actual lightning strike (meaning you presumably would have seen a stronger effect), I would believe you saw something.
However, there's a major caveat here. Google's play protect prevents me from using some apps on my phone running graphene. My banking app is one of them. Yes I know there's technical workarounds. Yes I know they have a website (for now). But the point is, this is the direction stuff is moving. Fully signed devices from power-on through the entire stack and a flag that warns software if that breaks. Yes, it's a win for security. But I have zero control. Google has all the keys to all the doors and graphene can't do anything about it. Nor can I. And Google has very little incentive to change this.
I fear this is the direction things are moving to. Phones will be tied to our identity. Web will be depreciated as a security risk. Only one of the two options you two are fighting over fixes this: power must be taken from these mega corporations.
reply