Yeah, it’s pretty understandable to associate telemetry with wrongdoing. There’s been so much of it that it’s easier to switch it off.
There’s a lot of useful, non-personal data they have legitimate reason to collect. Namely, app profiling data for profile-guided optimization which can improve the performance of the browser by analyzing how it runs on actual devices.
Have you seen the Star64?
Yeah, I think that comes from the developer having high standards for hardware security. The effort put in is a waste if the hardware fails. I would have thought Samsung would have been suitable too, though.
What about /e/OS or plain old degoogled Lineage? I like it as a phone OS, it’s just a shame the app ecosystem is so dependent on Google’s services.
I need to get into NixOS but I have a similar variation on servers: ansible for state of systems, Borg + Borgbase for data (kept in /srv) and code (including ansible) are in Git.
The separation between data and state is really great. You want to be able to go from a base install and only bring in everything which makes your setup different.
Even some shops working with Windows Server are asking “wait, why are we paying for these licenses?”
Then it comes down to whether it’s cheaper to rewrite legacy applications or continue to pay for licenses.
Yeah and ARM servers are cheap. You can often get twice the processor cores and memory for the same price.
That doesn’t always map to twice the performance, though some benchmarks would suggest it could for certain applications.
I don’t even mind the shortened arguments too much, though it doesn’t help. It’s more that every example seems to smush them together into a string of letters.
I would have found
tar -x -f pics.tar ./pics
to be clearer when I was learning. There’s plenty of commands which allow combining flags but every tar tutorial seems to do it from the beginning.
Absoutely. I mostly use Firefox because I’m so familiar with it by now but the privacy is generally much better and it doesn’t have a massive monopoly on the web. I’m just a lot more comfortable with it.
When I have to, I use ungoogled-chromium on desktop and Bromite on mobile. I recommend those to anyone familiar with Chrome.
I’ve read not to bother with Decentraleyes. The dependencies are often out of date which mean you’ll hit 3rd party CDNs anyway. Unless its coverage is 100℅, it’s less than useless for privacy as the hit pattern to CDNs might even make you stand out.
Privacy Badger is also redundant if you have uBO.
These two form a “mesh VPN” which use direct encrypted links between any number of devices. You can think of it as forming a virtual LAN where you can communicate with devices, including open ports. A lot of them have clever tricks to overcome CG-NATs, which you seem to be struggling with.
Another option is to just rent a server. You can get massive storage space for less than some VPNs cost and you don’t need powerful hardware if your device supports the codecs you’re using. You could even get a cheapy VPS and reverse proxy to your Jellyfin server through an SSH tunnel or similar. Lots of options here.
I read Signal is changing that. I agree, I don’t like phone numbers as IDs.
Has anyone independently verified that this is the case for the FP4? It’s well known that the FP3 accepts testsigned ROMs, but all discussions regarding the FP4’s trusted keys points back to the same FP3-specific thread on Fairphone’s forum.
I don’t know, it does make flashing custom ROMs easier but I would rather have to install my own signing keys or signing keys for the ROM as this way renders a part of the device security completely useless. I’d at least like to have known when I bought it.
I’m not paranoid which is why I’m still using the device but these three points were each huge disappointments which make me not want to buy another Fairphone.
I think it’s a Qualcomm Snapdragon SM7225.
It’s not really about better, it’s more knowing what I’m getting. It’s not their fault that Qualcomm’s support is only 3 years (at the time) or that it takes them 10 months to develop support for the chosen SoC which eats into part of that 3 years. Still, I got the phone thinking I would have a reasonably secure device for 4-5 years which wasn’t entirely accurate.
I love the idea and, if you’re willing to sacrifice some security for sustainability, that’s great. I just want people to know what they’re getting into because I didn’t.
As the owner of a Fairphone 4, don’t get one.
It’s sold as a 5G phone but crashes intermittently if you actually enable 5G. I bought a 5G phone and I’m still on 4G. I wish I could say that’s the most of the problems, I could live with that.
The software support, in my opinion, is falsely advertised. You do get 5 years of kernel and Android updates but the system-on-chip updates, which aren’t made by Fairphone, end October of this year. That’s a whole important part of the updates which cease only 2 years into support.
Then, there’s the real kicker; the hardware root of trust has the (publicly available) AOSP test keys installed. This means anyone can sign and flash a verified ROM if they have access to the unlocked phone. That’s perhaps not too important for most people, but it screams incompetence and it means you cannot trust a second hand device.
When the SoC support is up, I’m moving to a Pixel. I’m done rolling the dice on Android phone manufacturers and I want a well implemented device.
Yeah, the spread operator is heavy. Admittedly, one iteration of our software abused it and still seemed to run ok. We didn’t end up changing that for performance reasons and it was more about code complexity. I wonder how excessive you have to get?
I don’t know how some developers manage it. I’ve written web apps in React and, without even using available optimisations, the UI is acceptably snappy on any modern desktop.
We inherited an application from another vendor (because of general issues with the project) and it’s just S L O W. The build is slow and takes several minutes, the animations are painful and even the translations are clearly not available for the first 5 seconds.
My question is, how? I’m not an expert, I generally suck at frontend and I just had to fill in for it. I didn’t purposely write optimised code, the applications are similar in the amount of functionality they provide and they both heavily use JavaScript. How do you make it that slow?
You’ve got me down a rabbit hole now.
Shorter than expected SoC support is one thing, but the hardware root of trust trusting AOSP test keys which was also stated by GrapheneOS is something else. That’s a total amateurish blunder and the only reason it’s not a complete disaster is you need to boot into EDL mode first to actually flash a recovery. The verified boot is practically useless.
Thank you for bringing this to my attention, I’m not purchasing another phone from them. Unfortunate, because I liked the removable battery and seemingly long support. Back to the drawing board.
Tom Jones - It’s Not Unusual