I agree about loss of features. What will a new phone get me? Probably a better camera and faster CPU. With MicroSD card slots becoming more rare, newer phones have lost storage and backup capacity.
Maybe some phone maker can realize this and go back to designs which may be a little thicker and chunkier... but offer replaceable batteries, multiple SIM and MicroSD card slots, an open source ROM that can be updated via either block or files, offer LineageOS as an alternative, or maybe a ROM with root built in. A device like this would sell well, especially in this shaky economy where a phone maker likely will be better off selling accessories for people to repair/update/maintain their stuff than $1800 new phones.
The ironic thing is that Samsung knows how to do this. They make tanks and fighter jets, for crying out loud. They know what they are doing when it comes to composites and materials. It wouldn't be hard for them to make a ceramic back that can take heavy abuse, but still give that top notch phone feel. Or, they can take a step back and go back to machined aluminum which has proven itself to be a decent phone material.
I have a two year old phone as well. Even more ironic, it has a nice feature that the newer iPhones don't... the fingerprint scanner.
Why spend all that cash for a relatively throwaway item? All buying a new phone does is make the phone makers richer. In previous years where there were actual improvements with devices, like higher IPS displays, fingerprint scanners, faster Wi-Fi and cellular speeds, it made sense to go with a newer phone. However, it will be years before "5G" gets rolled out, and there isn't much the latest iPhone 10xspro-platinum can do that an earlier iPhone can't, other than bouncy poop icons, and a little bit better camera footage.
Phone makers have failed to understand something: The economy is tightening. People are starting to make sure their job is secure, that they can cover next month's rent, and meet basic needs, should they get laid off. The last thing people are caring about is a new phone, especially when companies are starting to do mass layoffs.
Want to make a phone that sells? Make a decent midrange phone. Focus on VWs, not Maybachs. People will buy phones, but they are not going to throw $1500 at a new device in this economy. Perhaps make phones with user replaceable batteries and other accessories, because people will buy new batteries, but not phones, especially if the economy gets worse.
It had one awesome point: Write once, run anywhere. In theory, an application could run the same on AIX as it does on a Java "decoder ring", without issue.
In reality, because of the differences in JVMs, an application that worked well on Mac will just throw an exception and die... or even worse, run and end without any error messages and no real way to trace it unless you go through line by line. Trying to have the same code work well on Macs, Windows, and Linux was an exercise in futility.
I do think there is still a need for one language that runs across platforms... but it looks like that language is turning into Python.
The ironic thing is that the Java runtime was one of the few major Mac attack vectors until Apple killed it.
Java is definitely useful, but the problem is that it has been ignored, and its structure not fundamentally updated for decades to handle modern day attacks.
Had Java kept up with the times, there would have been no need for Flash or HTML5. However, because of the neglect, it just got surpassed by newer technologies.
There is a trust enclave on any GSM based phone. Ever since AT&T did the Softcard offering which required a distinct application to be placed on SIM cards to handle a trust enclave, all SIM cards are able to handle secure computing and banking.
I'm actually surprised that more phone makers don't take advantage of this. A SIM has a good amount of room to not just store stuff securely, but be able to have areas that are sectioned off and can be PIN protected. Moving the secure enclave to the SIM means less stuff to worry about on the phone.
I have been happy with the Logitech G600. It is a little bit odd, but not too hard to get used to, and has plenty of buttons available for the thumb. I like it for the few games I play because of the fact that when healing, I can just mouseover a player, hit a button with the thumb, and move onto the next one.
Downside is that it is a pain to get mapped initially, but once that is done, having 20 buttons ready to go is quite useful.
The catch is that you need manpower to actually have someone look at the honeypots, declare there is an attack in progress, and start disconnecting stuff. However, in most IT environments, not many employees will actually do so unless they have 100% evidence to do so, for fear they will be fired for crying wolf. In fact, IT people may get fired regardless of catching the attack in progress because "it happened on their watch."
For a small startup with C-level people, this would work and even provide some entertainment. However, for a lot of companies where the C-levels actually will make a tidy profit by shorting their stock before they announce to the public they were compromised, it likely would not work.
Because the T2 chip blocks access to the internal SSD when the security level is set to off, making it impractical to install Linux or another OS when Apple starts supporting that laptop, that is a deal killer for me.
Disclaimer: I could be wrong, but I've not found anything that states one can both turn security off, and install Linux on the internal SSD on a T2 equipped Mac. You can turn security off and use external flash drive media, but the internal drive is inaccessible. It would be nice if Apple allowed the SSD to work, and provided support for Microsoft compliant shims, so one could have Secure UEFI boot to RedHat, Ubuntu, or other operating systems and have some faith that the kernel hasn't been tampered with.
Between this, and the other Mac issues (keyboard, audio), looks like my next MacBook Pro may be a Dell Latitude model, which in some ways is a better MBP than a MBP, if only because it supports USB-C, and USB-A without needing a dock or dongles.
The funny thing is that both companies have some awesome IP.
EA could make cash hand over fist if they decided to crack open some of the old Origin games and make them.
For example, an Ultima reboot. Not a "mobile friendly" app that demands DLC and microtransactions to play, but a complete revamping of the series, where one buys the game, with zero microtransactions. No Avatar loot boxes, no mongbat pets, no fluff... but a return to basic plot and gameplay.
EA would make money hand over fist if they did this in a way that wasn't a quick cash grab, driving away everyone.
Here is the odd thing: My friends' kids in high school are quite aware that Facebook sells their stuff.
Kids are not dumb. They don't really use Facebook other than to interact with the adults. They use other venues. Discord is popular with a lot of private servers. Telegram and Signal are common, and well out of the reach for monitoring services hired by schools.
I'm sure the next step will be schools demanding their MDM software be used, but eventually phones will start having different VMs, where the school can "own" one container with one SIM card, while the other container actually has all the interesting stuff.
Can't be done. Visa, Mastercard, and Amex all have clauses forbidding those cash discounts, which can cause a merchant's account to be pulled.
Around where I live, I've done a TNR initiative which has worked well. Live trap the cats, get them spayed/neutered and checked out for medical conditions by a vet, then release them back. This has kept the stray cat population stable, especially when a cat with FIV or another disease is removed and can't infect other animals.
That is a microcosm of the industry in general. Take a typical company. They are pivoting to DevOps, and have implemented Scrum. A manager takes the role of the SCRUM master and turns daily stand-up meetings into kangaroo court sessions with developers wringing their hands, pointing to someone, and saying, "wah! He's blocking me!" Because marketing already sold the feature to customers, development is always in a permanent sprint to throw -anything- together so the sales people are not considered total liars.
Now, comes the conundrum. A dev, if they don't make those deliverables, will get fired or offshored. So, anything that gets in the way, be it security, using fewer resources, or code robustness gets set aside. The tech debt is increased. Yes, the code has to run as an unconstrained root user, with full access to the DB, but the deliverable was made, and the coder can go onto the next thing marketing sold to the client as a feature already there. The developer has a choice between working in security, but then the developer fails to make the deliverable on time, will be threatened daily at the standup meeting, and ultimately booted. On the other hand, if the lack of security causes a breach and lawsuits, the developer is quite insulated from the consequences, as there are layers upon layers of company stuff.
So, for a developer, there is zero incentive to build any security in the product.
Now for management. To them, security has no ROI, and any consequences of an insecure product don't affect them. At worst, stock values tumble for a week or so, then go back up.
As it stands now, with the feeling that "the only profit a lock makes is for the lock maker", it is no wonder why security breaches are so common.
Nothing is going to get done until a company's articles of incorporation papers are dissolved, and the corporate veil pierced if there are enough egregious violations of security.
With the fact that anyone in the top brass can short their stock or buy put options when they find out about the breach, then finish the transaction after the public announcement, after things tumble, make a mint from it. Not like this is insider trading or anything.
I don't know what Apple can do about something like this. A valid dev ID can allow software to run as root with full root privs. The only way I can see Apple fixing this is moving the Gatekeeper options to the same place where one sets the T2 boot security via recovery mode, where it is inaccessible in the normal OS.
(IIRC) Ages ago, Sprint required signed code on all their smartphones (this was pre-iPhone, and smartphones were a different type of device than PDA-phones, so they had mainly Windows Mobile offerings.) As a requirement, all code signing keys came on physical smart cards (Aladdin eTokens to be specific.) It was Draconian, but at the time, it did a decent job at ensuring nobody could snatch a developer's key and make off with it. Maybe Apple should have as an option, an Apple HSM (perhaps a rebranded YubiKey HSM) so developers have a physical device that the key never leaves, and a physical button which must be pressed for a signing to actually happen (i.e. a remote attacker will be stuck waiting for the physical YubiKey button press.)
By having the key in an HSM, even without YubiKey's physical authentication, it will ensure that at worst, an attacker has to log on and use the HSM for nefarious reasons, but couldn't grab the key from it.
Couldn't agree more. You can buy a LG Stylo 4 which has a fingerprint scanner, MicroSD card, and (IIRC) a 3.5mm jack... and an unlockable bootloader. It doesn't have NFC, which would be a nice feature... but for a smartphone, it works decently. Add Nova Launcher, a root based firewall via Magisk, and disable bloated apps, and it works extremely well.
Why can't Google come out with a phone in this price range? Not everyone needs five rear cameras and 3 front ones. With a recession looming around the corner, Google's best bet would be to not just focus on flagship stuff, but midrange stuff.
Oh, and contrary to belief, don't just sell the entry level phones in India. The US desperately needs phones at those price points. Not everyone can or will pony up $1800 or so for a high end phone, and there is plenty of money to be made in the other categories. If Google doesn't understand this, there are other companies who will, like Blu Mobile.
In some cases, contractors don't make that much more than the FTEs. I have seen places where management deliberately pits contractors versus the FTEs, where the FTEs are told that their jobs can be replaced at any time by the contractors, and the contractors are told how awesome the cool benefits the FTEs get, like the gym and such... which they will never get to see unless they become FTEs.
In my experience, in general you are never told how long your gig will be. Of course, when your gig ends, you will never be told face to face. Your badge just stops working in the door, and your stuff on your desk is either packed up and at the front desk... or is likely at a local pawn shop. If lucky, you might be asked to drive to the contractor office, just for them to demand your badge and stuff there.
Your best defense as a contractor? Five things:
First, you make sure your "fuck you" fund is kept at at least a year's salary. This is NOT an IRA, and not a savings. This is a fund whose goal is to keep your rent/mortgage paid, food on the table, your vehicle out of repossession, and you relatively sane. This way, when you get laid off, you can take time and get a "real" job, and not wind up taking another contract job out of desperation.
The second thing: As a contractor, always keep your LinkedIn profile up to date, your resume up to date, keep contacts going, go to various business events, keep a GitHub public repository full of goodies that show your stuff, and keep a job hunt going at a low level. That way, when some company has a good FTE position, you can leave the craziness of the contractor world behind for some stability.
The third thing: Get some certificates. Tech co-workers don't care, but showing you have a Sec+ helps you for government work. A RHCE, MCSE, or CCIE will get you past the HR firewall in most companies.
The fourth thing: You generally don't get any vacation time. Make sure you have a vacation fund where you can just take some time off. This will keep you from burning out. Burnout is common as a contractor, and it will kill your career.
The fifth thing: Start looking for a FTE job eventually, or else you get branded as a "contractor only" person. Someone to be hired and fired and who isn't worth paying a full time salary to. Having contract jobs, especially if they are short term, is bad for the resume after a while, as you get viewed as disposable, or the first person on the list to get the axe.
Not many people in the US use it, but Yandex is a very popular cloud service in Europe and other places, with businesses relying on it for day to day usage as much as businesses here in the US rely on AWS. I wonder how an outage will affect the customers using that for their day to day business.
I remember a bulletin board that had both shadowbanning, and an Eliza-like bot which would constantly reply to a spammer's own stuff via an account that nobody could see except the top admin and the spammers. It kept their treadmills going a while.
What is needed are good old fashioned honeypots, and expanding teergrube functionality to suspected bots. This way, a CAPTCHA gets posted which has no right answer as one delay. Or, the account gets created and the account password doesn't work.
I am reminded of some code I wrote ages ago, back when banning by IP or domain was minimally effective. For the MUD I had, I had code which allowed a certain IP range list to register, but every character they registered was auto-flagged where they could log on, try to spam, but the server ate the spam, then commands started getting progressively slower until the user was finally disconnected. When the user was disconnected, they got a change password dialog which would just repeat and not allow them to get past. Then, in 24 hours, the characters created from the offending IP range would be silently deleted. This kept a set of trolls spinning their wheels for weeks without affecting any of the actual players.
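The tarpit scheme described in the comment above, sketched in Python as an added example; it is not the commenter's original MUD code. The flagged ranges (RFC 5737 documentation networks), the doubling delay curve, the disconnect threshold and the names `TarpitMud`, `Character` and `Reply` are assumptions made for illustration; only the 24-hour purge comes from the comment.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the comment only specifies the 24-hour purge.
# The ranges are documentation networks; the delay curve is an assumption.
FLAGGED_RANGES = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/24", "198.51.100.128/25")]
BASE_DELAY = 0.5          # seconds of wait before the first reply
GROWTH = 2.0              # each further command doubles the wait
DISCONNECT_AT = 30.0      # drop the session once the wait would exceed this
PURGE_AFTER = 24 * 3600   # flagged characters are deleted after 24 hours


def is_flagged(addr: str) -> bool:
    """True if the peer address falls inside any flagged range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: not flagged, handle elsewhere
    return any(ip in net for net in FLAGGED_RANGES)


@dataclass
class Character:
    name: str
    created_at: float
    tarpitted: bool
    commands: int = 0
    locked: bool = False  # set once the forced disconnect has happened


@dataclass
class Reply:
    delay: float          # seconds the event loop should wait before answering
    to_sender: str        # what the sender's own client is shown
    disconnect: bool = False


class TarpitMud:
    def __init__(self):
        self.characters = {}
        self.room_log = []  # lines that other players actually receive

    def register(self, name, addr, now):
        # Registration succeeds for everyone, so a flagged user gets no signal.
        self.characters[name] = Character(name, now, is_flagged(addr))

    def login(self, name, password_ok=True):
        c = self.characters.get(name)
        if c is None:
            return "NO_SUCH_CHARACTER"
        if c.locked:
            return "CHANGE_PASSWORD"  # repeats on every attempt, never completes
        return "OK" if password_ok else "BAD_PASSWORD"

    def say(self, name, text):
        c = self.characters[name]
        if not c.tarpitted:
            self.room_log.append(f"{name}: {text}")
            return Reply(0.0, f"You say: {text}")
        delay = BASE_DELAY * GROWTH ** c.commands
        c.commands += 1
        if delay > DISCONNECT_AT:
            c.locked = True
            return Reply(DISCONNECT_AT, "Connection lost.", disconnect=True)
        # Echo to the sender only; the message never reaches room_log.
        return Reply(delay, f"You say: {text}")

    def purge(self, now):
        """Silently delete flagged characters older than PURGE_AFTER."""
        doomed = [n for n, c in self.characters.items()
                  if c.tarpitted and now - c.created_at >= PURGE_AFTER]
        for n in doomed:
            del self.characters[n]
        return doomed
```

`say` returns the delay instead of sleeping, so a real server would schedule the reply on its event loop rather than block a thread per tarpitted connection.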
As someone who is a tad miffed at Adobe for forcing a subscription model on everyone, even the enterprise, I would be hesitant at best to buy any hardware offerings because I would fear that some additional monthly subscription fee would be tacked on.
If I needed hardware for a custom mass-produced gizmo, and wasn't bound to x86/amd64, I'd probably go ARM. Yes, it does have a license fee, but the technology is widely known and debugged, tools are available, finding multiple ARM fabs wouldn't be hard to do, to ensure second-sourcing is doable, and it would be easy to mass produce widgets with ARM products. If not ARM, then RISC-V or POWER.
I remember an experimental polymer having tiny capsules of monomer, with hardener/catalyst embedded into the edges of the capsule. When a breakage or crack happened, the capsules would tear open the resin, and it would harden and cure to repair the damage.
This is interesting research, but AFAIK, the "nutrient" stuff is pretty toxic, as uncured resins tend to be.
Community support is important. I have obtained phones and unlocked the bootloader... only to find that there are no ROMs available, and the only real option you have is to use a factory ROM with Magisk, so you continue to receive updates. This is better than nothing, but the best thing going is LineageOS.
I wish XDA would have a list of phones, which would be maintained/updated often (at least monthly) of phones to buy that are easily unlockable or rootable. That way, someone doesn't buy a Huawei device and then wonder why they can't do anything with it.
Motorola, HTC, and I think Sony all allow unlocking. Even some Samsung devices as well.
Anything from Huawei and other places which are custom ROM hostile... avoid like the plague.
I never used Flickr in the first place. You get what you pay for, so my photos are on a cloud provider I paid for, or on an AWS virtual machine. Either way, I'm the customer, not the product.
I just don't trust "free" providers.
Don't forget the user hostile options. In the past, updates were file based, so if you had a modded /system, it will still be OK. Now, it is by image, so any changes to a read-only filesystem mean no vendor fixes. Now, even rooting is difficult and has to be done via add-on methods like Magisk if it can be done at all, especially with top tier phone makers like Huawei doing their best to secure bootloaders and lock people out of their devices.
On the Apple side, with Cydia all but gone, jailbreaking is all but dead.
The ironic thing is that rooting is a must. It does not lessen the security of a device, but it allows one to block rogue/suspect apps from phoning home or to places it shouldn't on the Linux kernel level, a critical privacy tool.
I agree about loss of features. What will a new phone get me? Probably a better camera and faster CPU. With MicroSD card slots becoming more rare, newer phones have lost storage and backup capacity.
Maybe some phone maker can realize this and go back to designs which may be a little thicker and chunkier... but offer replaceable batteries, multiple SIM and MicroSD card slots, an open source ROM that can be updated via either block or files, offer LineageOS as an alternative, or maybe a ROM with root built in. A device like this would sell well, especially in this shaky economy where a phone maker likely will be better off selling accessories for people to repair/update/maintain their stuff than $1800 new phones.
The ironic thing is that Samsung knows how to do this. They make tanks and fighter jets, for crying out loud. They know what they are doing when it comes to composites and materials. It wouldn't be hard for them to make a ceramic back that can take heavy abuse, but still give that top notch phone feel. Or, they can take a step back and go back to machined aluminum which has proven itself to be a decent phone material.
I have a two year old phone as well. Even more ironic, it has a nice feature that the newer iPhones don't... the fingerprint scanner.
Why spend all that cash for a relatively throwaway item? All buying a new phone does is make the phone makers richer. In previous years where there were actual improvements with devices, like higher IPS displays, fingerprint scanners, faster Wi-Fi and cellular speeds, it made sense to go with a newer phone. However, it will be years before "5G" gets rolled out, and there isn't much the latest iPhone 10xspro-platinum can do that an earlier iPhone can't, other than bouncy poop icons, and a little bit better camera footage.
Phone makers have failed to understand something: The economy is tightening. People are starting to make sure their job is secure, that they can cover next month's rent, and meet basic needs, should they get laid off. The last thing people are caring about is a new phone, especially when companies are starting to do mass layoffs.
Want to make a phone that sells? Make a decent midrange phone. Focus on VWs, not Maybachs. People will buy phones, but they are not going to throw $1500 at a new device in this economy. Perhaps make phones with user replaceable batteries and other accessories, because people will buy new batteries, but not phones, especially if the economy gets worse.
It had one awesome point: Write once, run anywhere. In theory, an application could run the same on AIX as it does on a Java "decoder ring", without issue.
In reality, because of the differences in JVMs, an application that worked well on Mac will just throw an exception and die... or even worse, run and end without any error messages and no real way to trace it unless you go through line by line. Trying to have the same code work well on Macs, Windows, and Linux was an exercise in futility.
I do think there is still a need for one language that runs across platforms... but it looks like that language is turning into Python.
The ironic thing is that the Java runtime was one of the few major Mac attack vectors until Apple killed it.
Java is definitely useful, but the problem is that it has been ignored, and its structure not fundamentally updated for decades to handle modern day attacks.
Had Java kept up with the times, there would have been no need for Flash or HTML5. However, because of the neglect, it just got surpassed by newer technologies.