I’m still on a dumb TV thankfully, but I’m starting to suffer, constrast is pitiful

But it’s not that easy a lot of TVs will only boot into the smart TV (and that’s already slow) and will only let you pick external inputs from there, often requiring to select it everytime!

What conspiracy? CPU bugs aren’t a conspiracy, they are just a fact. Amazon’s involvement with American three letter agencies isn’t a conspiracy, it’s a fact.

It’s not me you need to tell this though.

… Providing you trust Intel SGX (and AWS for giving them access to actual SGX and not just emulating a compromised instruction set)

The thing if someone has memory access Signal doesn’t need to store anything, transiting data is now available. For example all of your contacts when doing contact discovery. It used to be a simple hash, something for which you could build a rainbow table in a few hours, at the worst. It’s lightly better now, but still.

Don’t take it from me, take it from Moxie:

https://signal.org/blog/private-contact-discovery/

It also doesn’t really matter if the software itself can easily be tampered with in memory by the hypervisor. Like I said, they are putting a lot of trust in Intel SGX.

And let’s not even get into the digital sovereignty issues, and financing of right wing billionaires. Yes, running on AWS is an issue. It’s multiple issues even.

I’m not claiming the contents of the messages are at risk here. You’re social graph and metadata though is another story.

Second is that it runs on AWS. This isn’t a problem in the sense that it’s possible for it to still retain privacy while running on AWS. Some people don’t like it because they view the dependence on the infrastructure of an American company to be a risk to availability. They also believe that it would exacerbate a security flaw if one were found.

Let’s not pretend the hypervisor doesn’t have full access to the VMs memory and execution. The only thing protecting the Signal server is Intel SGX.

Signal doesn’t need to, you need to trust the whole chain. You’ll need to trust AWS, you need to trust Intel SGX, etc

Mind you the issue here is that an old Android phone will likely have an outdated kernel. Even if there is a custom ROM for it. Leaving you vulnerable, which isn’t great.

Yes XMPP supports voice. Had for well over a decade, maybe two.

I don’t think it’s legal in Quebec under provincial privacy laws.

Why would a retailer turn down an additional resource that drives customers to their site.

Why would independent artisans be obligated to sell their products through Amazon?

Python is demonstrably worst for the planet than Go.

https://www.iro.umontreal.ca/~mignotte/IFT2425/Documents/RankingProgrammingLanguagesByEnergyEfficiency.pdf

It should be fine to well bellow freezing, you just want to make sure it heats back up slowly(ish) and try to prevent condensation. Most electronics is rated to -20°C for storage.

Thing is, it’s just not true. OnePlus also allows relocking.

Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.

That’s essentially how most distributions of Linux and Unix work. You package an app with a list of depencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintIner for said package) first. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and provide reviews. Often there’s also a security team that watches for packages requiring expedited attention, and security backports.

Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.

I’m not super familiar with Maven so I could be wrong, but doesn’t Maven still pull depencies from upstream? That doesn’t fix the problem. Having depencies packaged in the OS means there is in theory some level of overview and review by the package maintainer(s).

Debian does as well for anything that is packaged; python, golang, rust, etc.