Markaos

I know this isn't Reddit, but r/peopleliveincities... When 90% of desktop users use Windows, it's going to both be the most targeted by malware developers and have the highest chance of being operated by someone who doesn't understand enough about computers to recognize that the shiny calculator app that just popped up after visiting a very legit Nigerian prince's crowdfunding page probably shouldn't need admin access.

And speaking of user error, I'm willing to bet that basic security practices like using full disk encryption, SecureBoot, some MAC layer (provided by antivirus on Windows, AppArmor/SELinux on Linux) and regularly applying security updates are way more common over in the Windows land - if I was in a situation where there was one completely randomly selected Windows PC and one also completely randomly selected Linux PC, and my life depended on being able to gain access to either of them (some kind of really messed up Saw trap? idk), I would definitely bet my life on the Linux one being misconfigured.

Don't get me wrong, Linux can make for a very secure and private OS, but most installs most definitely cannot be described as such - just look at the popularity of random unverified PPAs on Ubuntu derivatives or AUR packages on Arch.

The biggest friction point for me is the fact that files can only cross the work profile boundary by using the Android's share sheet (or with cloud storage, I guess), and some apps (cough cough Meta crap) didn't like it when you shared a file they couldn't directly access with them. I didn't encounter any such issues recently though.

If you pause the work profile (there's a button in the launcher to do that), all apps in it get killed and their icons and widgets in the launcher get grayed out. If you tap a grayed out icon, you get a dialog asking you if you want to unpause work apps. I think there are ways to automate pausing, but I don't use anything like that and literally only have the pause/unpause button as a toggle for the intrusive apps.

I wonder if Private Space apps can be turned off the same way work apps can. If so, I could ditch Island and stop abusing the work profile as a way to implement a light battery saver.

A reasonable build of the kernel optimized for virtualization won't take more than a few tens of megabytes of RAM (and it will have support for memory ballooning, so the virtualized kernel will give the memory it doesn't need back to the host), and the userspace will need to be separate anyway due to how different Android is to normal Linux distros.

Containers are nice when you want to run dozens of separate services on the same server or want to get the benefits of infrastructure as code, but in this case they would provide minimal benefits at the cost of having no way of loading any kernel modules not built into whatever ancient kernel version your SoC manufacturer decided you have to use on your phone. Also, container escape vulnerabilities are still a bit more common than full VM escape, so this is also good for security on top of being more useful.

box86/box64, and there's also FEX-emu which is used by the Asahi Linux project (Linux on Apple Silicon macbooks).

Yeah, this seems properly configured. No clue why it isn't working for you.

The only app that doesn't auto-update for me is Fdroid itself (ironically), because it targets an old Android version. Running Android 14 on a Pixel, so with the strongest Google fuckery.

Are you sure your Fdroid client is up to date? The new API was implemented in 1.19, and apparently I even misremembered and all you have to do to enable Fdroid to auto update its apps is to manually update them for one last time (so no fresh installation required).

Another long shot: there's an option to force the old installation method hidden in expert settings - maybe you could check if that isn't enabled?

On a normal unmodified phone you have to manually confirm each app you want to install. so no auto-updates in the background etc.

Background app updates are possible since Android 12, Fdroid just took two years to implement the new API (and you have to do a fresh install of the apps - apps already installed using the old API still require confirmation on each update). There is still friction on the initial install though.

It is for their non-flagship devices - those were always kinda left behind with software support.

Both? It's pretty well explained in the rest of the text (you don't even have to click a link)

It was up to the Commission, which has exclusive powers to set the bloc's commercial policy, to break the gridlock and ensure the duties go through.

The European Commission made the decision after the member countries failed to agree on how to proceed.

What error? It gave you a string of tokens that seemed likely according to its training data. That's all it does.

If you ask it what color is the sky, it will tell you it's blue not because it knows that's true, but because these words "fit together". Pretty much the only way to avoid this issue is to put some kind of filter in front of the LLM which will try to catch prompts that are known to produce unwanted results, and silently replace your prompt with something like "say: sorry, I don't know".

I'm being very reductive here, but that's the principle of how these things work - the LLMs are not capable of determining the truthfulness of their responses.

OK, cool. Just remember that the only entity who can sue in this situation is Microsoft (because when you contribute code to VS Code, you must sign a CLA that says you give Microsoft full perpetual rights to distribute your code under any license they wish - it is Microsoft who then "graciously" releases your code under a copy left license while also building their proprietary version of VS Code using it).

And Microsoft cannot use the code if it gets released under a copyleft license - that wouldn't allow them to build their proprietary build with it. So the only one who can do anything has less than zero (because it would improve only the FOSS forks, which are meant to be inferior) interest in making these guys publish the source code as proper FOSS.