Few problems:

1. Safteynet (play integrity) and root detection

There are magisk tweaks to help combat this but its a annoying game of cat and mouse. Some apps like chase have particularly annoying root detection to deal with. Also regaring safteynet once google fully enforces hardware attestation passing safteynet with tweaks will be borderline impossible (most tweaks try to spoof older phones that don't support safteynet hardware attestation).

2. Widevine

Many streaming services (Netflix, Hulu, Disney, etc) will downgrade your video quality to 480p-540p due to L3 from unlocking the bootloader (a step thats usually required before you can root).

3. Physical security (potential risk)

Unlocking the bootloader is the first step to allowing for rooting and custom roms. One pro/con is when you unlock the bootloader you are partially at risk to a evil maid attack (some one with physical acess to your phone can compromise it). While difficult to do automatically (and probably very very rare) some one could hypothetically place a malicious bootloader that could steel data. The risk of this is mostly low but does exist.

Found a handy script to minimize this:

https://greasyfork.org/en/scripts/471718-lemmy-post-keyword-filter

The problem comes down to education institutions. I remember when we got Chromebooks in my highschool (8 years ago) admins forgot to turn of developer mode and half the school unenrolled the Chromebook managing to bypass all restrictions. This went on for half a year until one day our school needed to run a state exam (more for measure of schools performance not as a college entrance exam or anything).

The computerized testing program required deploying a specific chrome app accessible when chrome book is logged out (can't just download from chrome web store). When they tried to push the client since half of Chromebooks were unenrolled it failed. This required the school it to recall pretty much all chrome books to manually re enroll all of them and disable developer mode (prevents unenrolling and prevents sideloading Linux).

Problem is if older Chromebooks are used for Linux in an educational environment there would be nothing stopping a student from whipping up a bootable USB and dumping another distro (bypassing restrictions). I'm also not sure if there is a enrollment mode equivalent Linux (there may be but not sure).

At least that's my two cents (not a school it admin just a memory from the past 😉).

Agreed whats more annoying is getting double X posts back to back

Best reason would be if you were a reddit sync user in the past Lemmy sync would feel familiar.

It analogous to Apollo users feeling voyager similar (to an extent).

I do wonder how this compares to current payment processors (Visa, Mastercard, Paypal, etc)

Reminds of the 15 million merits episdoe in black mirror

🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿✖️

Who needs AI when you got FungI 🍄

Silly question if you don't mind me asking, when you got the pop up:

• Which browser/adblocker where you using (also did you use any custom filters)?
• What device are you watching youtube on when you saw the block (windows, macos, ios, android, linux)?
• Where are you located? (like which country)

I never saw these popups just curious.

Also my setups using a web browser (no issues):

• (Mac OS Soma) Firefox Stable with ublock origen stock filters
• (iPadOS 17) with adguard safari content blocker stock filters

Setups with third part clients (no issues):

• Revanced android
• Smarttube (Fire TV)
• YTLitePlus (iPadOS)

Actually in your case our school has a BYOD program (bring your own device) in which you can bring your own laptop with whatever flavor of OS. Firewall would restrict you, your device would be considered untrusted, and in testing a loaner locked down chromebook would be provided. The issue comes with non BYOD devices.

Now lets assume a school has 1k students. If they allowed os unlocking and allowed students to tinker with the os. Then they would need 2k chromebooks 1k unlockable 1k locked down for exam administration (assume the whole school needs to take it at the same time). From a admin/IT perspective why should the school need to pay double the number of chrome books just for a few students to install their favorite brand of linux.

Even under the best circumstances where support queries aren't increased (from students softbricking/ not knowing how to use linux) and say they are able to preserve 1k unlockable chromebooks, admins would still need to replace the other 1k locked down chrome books at end of software to stay in compliance with testing software (negating any financial benefit).

Only time I every encountered the popup was when I used orion with its built in adblocker. And even then I gat one warning (no metion of 3 strike policy). Only change now is the added a 3 second timer to the dismiss button.

Edit: Ublock origen and firefox as usual no issue

On Firefox Nightly looks like they have v3 enabled

This might sound silly but assuming you are using firefox or even safari how will this proposal affect these browsers. Only thing I can currently think of is banking sites (on android) would force you to use chrome and check play integrity (safteynet) to block acess.

At the end of the day won't this only affect people using Google chrome? (Forks of chrome, firefox, safari could by pass the issue)?

Sorry if I seem a bit ignorant

If your willing to deal with self hosting, immich is a great alternative. Its facial recognition and search is practically on par with google photos.

The only downside is it doesnt' have photo editing, and its under active developmeant (it gets weekly updates and you occasionally need to modify docker config though they do give a warning in ui).

https://github.com/immich-app/immich

data source for these vulnerabilities

Are you refering locations for vulnerability disclosure or are you more referring to bug bounty?

Personally, I'd just put everything behind a VPN. The attack surface is much smaller.

Fair enough

I do wish there were more services like nebula one yearly fee no baked in ads or ads at all and more creators are willing to join them.

The thing that sucks with youtube premium is you still have creators dumping 1 min long sponsors ruining the experience. Additionally often only way these creators allow you to go add free is via patreon, floatplane, etc which can get quite expensive if you follow 30-50 channels. The only other viable route is sponsorblock which works great but requires modified youtube clients/browser extensions and with youtubes new video adinjection could potentially be broken.

The only part I do wonder with nebula is how well it works for larger creators.

Linus Media group revenue break down

https://youtu.be/-zt57TWkTF4?t=532

I do own a cheap numerical xyz domain (something like 432433.xyz) cost a dollar per year. Only reason I was curious about eu.org is its very short and ends with .org.

I haven't really bought a proper .com domain since I'm just using them for side hobby projects (not for sharing with other people).

Thanks for the clarification

Kinda a weird question regarding DoH on android. Is there a way to have DoH bypass certain local domains without implementing it router level.

For example at home devices use a prefix like router.example.com or homeassistant.example.com (on internal lan). Some services on the domain are portforwarded while others are only available via internal net this causes issues when trying to acess internal devices.

On ios (in NextDNS specifically) there is an excluded domains feature which allows this. Unfortunatley android doesn't seem to have a similar option

I have a fire tv cube just direct launch into apps to avoid this. For example instead of powering on the fire tv with power button I tell Alexa to open the app I need.

Down side is this doesn’t really work with sieloaded apps like smart tube

Depends on the community. I do comment more than I post.

I see it as pointless and potential risks tarnishing the image that third party apps helped improve reddit (especially to normies/non techies who only use the official app and website).

What I don't get is what will damaging the ipo achieve now that a lot of 3rd party apps are toast (Apollo, rif, reddit sync). Even if spez or reddit as a whole did a full 180 nothing would change on the prospect of 3rdparty apps.

Only thing reddit can change is improving the first party app and mod tools (given their stance was the api was never meant for 3rdparty apps after flip flopping).

As a user you have more or less 5 options:

1. completely switch to Lemmy (or similar alternative).

2. use the official reddit app and deal with it

3. use social media less (pull the plug overall per say)

4. Use a paid subscription 3rd party app (example infinity for reddit

5. use a modded version of 3rdparty apps with custom api or the official reddit app modded (ex vanced)

I hope this comment doesn't come of too corporate or shill like

I just restarted my computer and relized it was a macos bug. Now I have no issues

I know this isn’t YouTube’s fault but one thing that bugs me about yet premium is when creators dump baked in ads.

As a user you have 3 options:

1. Deal with it and manual skip (in a way this feels like skipping commercials on cable tv Dvr)
2. Get ready to buy a ton of patreon subscriptions (kills the point of getting yt premium).
3. Get a modded client/ use browser extensions and use sponsorblock

Now the one exception to this is nebula where like YouTube you pay an all access fee but no baked in ads (I pay for this currently).

I do wonder if creators had the option to make videos available via YouTube premium only (say early access and no baked in ads). Would more people pay and would creators use this system? (They wouldn’t have to worry about demonetization).

Curious on your thoughts

Unfortunately google is aggressive at spam filtering. For example when I signed up for bookwormstory.social the confirmation mail was sent straight to spam automatically (I had to fish it out and mark it not as spam) 😔

Thanks for the clarification

Sorry about that (didn't think that far when making the post 🫠 ).

I updated the title

remote UI connection passes through the Home Assistant Central servers, the Central servers could maintain that safety database and off switch

I think this is how home assistant handles it. When they put out a cve they can update the insecure version list which makes nabucasa refuse remote forwarding (until you update).

Initially I was just thinking if a open-source project is on github and uses the security disclosure feature if it would be possible to pull data from it and disable remote acess (either by auto shutting down the service or simply disabling routing on a reverse proxy).

Having a system that does without a security disclosure list from a project maintainer would be far mor difficult like having the proxy disable one of your services if it detects a vulnerability in a dependency.

It sorta does. Nextcloud creates a list of placeholder files with a .nextcloud extension and when you open it nextcloud will auto download the realfile and open it.

Does the 300ms include dns latency?

Interesting I always assumed they used ip not dns for geo locating cdns.

Thanks for the tip

Silly question how are you using nextdns?

1. Android Private DNS
2. Official Nextdns app (DNS over HTTPS)
3. Via a third party app (ex rethink, etc)

Also how often do you encounter nextdns being blocked on public/coreperate wireless networks?

Official Nextdns app (DNS over HTTPS)

Curious why do you use the nextdns app over optioin 1? Is it because your phone doesn't support Android Private DNS or for another reason?

I never use wifi outside of my home. I have unlimited cellular data, so why would I bother?

Fair. I guess its more helpfull in cases of poor cell reception or traveling (though I guess this is a edge case in its own right).

Firstly thank you so much for explaing this for me.

"origin=Zabbix,codename=${distro_codename}"; //Zabbix Agent repository

I tried using this as a template for caddy

 500 https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version/main arm64 Packages
     release o=cloudsmith/caddy/stable,a=any-version,n=any-version,l=source=none,c=main,b=arm64
     origin dl.cloudsmith.io

I assume origin is:

o=cloudsmith/caddy/stable

When adding this rule

"origin=cloudsmith/caddy/stable,codename=${distro_codename}"; //Caddy repository

I get this error

Unable to parse Unattended-Upgrade::Allowed-Origins.
An error occurred: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):

https://pastebin.com/raw/7gtkRw7c

When changing the syntax to:

"cloudsmith/caddy/stable:${distro_codename}"; // Caddy

The error goes away.

Any ideas?

"origin=cloudsmith/caddy/stable";

Unable to parse Unattended-Upgrade::Allowed-Origins. An error occurred: not enough values to unpack (expected 2, got 1)

// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
        "origin=cloudsmith/caddy/stable";
};

Yep this works

Again thanks for taking the time to help and explain this to me

How much was your latency out of curiosity?