Few problems:

1. Safteynet (play integrity) and root detection

There are magisk tweaks to help combat this but its a annoying game of cat and mouse. Some apps like chase have particularly annoying root detection to deal with. Also regaring safteynet once google fully enforces hardware attestation passing safteynet with tweaks will be borderline impossible (most tweaks try to spoof older phones that don't support safteynet hardware attestation).

2. Widevine

Many streaming services (Netflix, Hulu, Disney, etc) will downgrade your video quality to 480p-540p due to L3 from unlocking the bootloader (a step thats usually required before you can root).

3. Physical security (potential risk)

Unlocking the bootloader is the first step to allowing for rooting and custom roms. One pro/con is when you unlock the bootloader you are partially at risk to a evil maid attack (some one with physical acess to your phone can compromise it). While difficult to do automatically (and probably very very rare) some one could hypothetically place a malicious bootloader that could steel data. The risk of this is mostly low but does exist.

Found a handy script to minimize this:

https://greasyfork.org/en/scripts/471718-lemmy-post-keyword-filter

Agreed whats more annoying is getting double X posts back to back

The problem comes down to education institutions. I remember when we got Chromebooks in my highschool (8 years ago) admins forgot to turn of developer mode and half the school unenrolled the Chromebook managing to bypass all restrictions. This went on for half a year until one day our school needed to run a state exam (more for measure of schools performance not as a college entrance exam or anything).

The computerized testing program required deploying a specific chrome app accessible when chrome book is logged out (can't just download from chrome web store). When they tried to push the client since half of Chromebooks were unenrolled it failed. This required the school it to recall pretty much all chrome books to manually re enroll all of them and disable developer mode (prevents unenrolling and prevents sideloading Linux).

Problem is if older Chromebooks are used for Linux in an educational environment there would be nothing stopping a student from whipping up a bootable USB and dumping another distro (bypassing restrictions). I'm also not sure if there is a enrollment mode equivalent Linux (there may be but not sure).

At least that's my two cents (not a school it admin just a memory from the past 😉).

Best reason would be if you were a reddit sync user in the past Lemmy sync would feel familiar.

It analogous to Apollo users feeling voyager similar (to an extent).

I do wonder how this compares to current payment processors (Visa, Mastercard, Paypal, etc)

Reminds of the 15 million merits episdoe in black mirror

🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿✖️

Silly question if you don't mind me asking, when you got the pop up:

• Which browser/adblocker where you using (also did you use any custom filters)?
• What device are you watching youtube on when you saw the block (windows, macos, ios, android, linux)?
• Where are you located? (like which country)

I never saw these popups just curious.

Also my setups using a web browser (no issues):

• (Mac OS Soma) Firefox Stable with ublock origen stock filters
• (iPadOS 17) with adguard safari content blocker stock filters

Setups with third part clients (no issues):

• Revanced android
• Smarttube (Fire TV)
• YTLitePlus (iPadOS)

Only time I every encountered the popup was when I used orion with its built in adblocker. And even then I gat one warning (no metion of 3 strike policy). Only change now is the added a 3 second timer to the dismiss button.

Edit: Ublock origen and firefox as usual no issue

Actually in your case our school has a BYOD program (bring your own device) in which you can bring your own laptop with whatever flavor of OS. Firewall would restrict you, your device would be considered untrusted, and in testing a loaner locked down chromebook would be provided. The issue comes with non BYOD devices.

Now lets assume a school has 1k students. If they allowed os unlocking and allowed students to tinker with the os. Then they would need 2k chromebooks 1k unlockable 1k locked down for exam administration (assume the whole school needs to take it at the same time). From a admin/IT perspective why should the school need to pay double the number of chrome books just for a few students to install their favorite brand of linux.

Even under the best circumstances where support queries aren't increased (from students softbricking/ not knowing how to use linux) and say they are able to preserve 1k unlockable chromebooks, admins would still need to replace the other 1k locked down chrome books at end of software to stay in compliance with testing software (negating any financial benefit).

On Firefox Nightly looks like they have v3 enabled

If your willing to deal with self hosting, immich is a great alternative. Its facial recognition and search is practically on par with google photos.

The only downside is it doesnt' have photo editing, and its under active developmeant (it gets weekly updates and you occasionally need to modify docker config though they do give a warning in ui).

https://github.com/immich-app/immich

data source for these vulnerabilities

Are you refering locations for vulnerability disclosure or are you more referring to bug bounty?

Personally, I'd just put everything behind a VPN. The attack surface is much smaller.

Fair enough

This might sound silly but assuming you are using firefox or even safari how will this proposal affect these browsers. Only thing I can currently think of is banking sites (on android) would force you to use chrome and check play integrity (safteynet) to block acess.

At the end of the day won't this only affect people using Google chrome? (Forks of chrome, firefox, safari could by pass the issue)?

Sorry if I seem a bit ignorant

I see it as pointless and potential risks tarnishing the image that third party apps helped improve reddit (especially to normies/non techies who only use the official app and website).

What I don't get is what will damaging the ipo achieve now that a lot of 3rd party apps are toast (Apollo, rif, reddit sync). Even if spez or reddit as a whole did a full 180 nothing would change on the prospect of 3rdparty apps.

Only thing reddit can change is improving the first party app and mod tools (given their stance was the api was never meant for 3rdparty apps after flip flopping).

As a user you have more or less 5 options:

1. completely switch to Lemmy (or similar alternative).

2. use the official reddit app and deal with it

3. use social media less (pull the plug overall per say)

4. Use a paid subscription 3rd party app (example infinity for reddit

5. use a modded version of 3rdparty apps with custom api or the official reddit app modded (ex vanced)

I hope this comment doesn't come of too corporate or shill like

I have a fire tv cube just direct launch into apps to avoid this. For example instead of powering on the fire tv with power button I tell Alexa to open the app I need.

Down side is this doesn’t really work with sieloaded apps like smart tube

Kinda a weird question regarding DoH on android. Is there a way to have DoH bypass certain local domains without implementing it router level.

For example at home devices use a prefix like router.example.com or homeassistant.example.com (on internal lan). Some services on the domain are portforwarded while others are only available via internal net this causes issues when trying to acess internal devices.

On ios (in NextDNS specifically) there is an excluded domains feature which allows this. Unfortunatley android doesn't seem to have a similar option

Depends on the community. I do comment more than I post.

I just restarted my computer and relized it was a macos bug. Now I have no issues

I know this isn’t YouTube’s fault but one thing that bugs me about yet premium is when creators dump baked in ads.

As a user you have 3 options:

1. Deal with it and manual skip (in a way this feels like skipping commercials on cable tv Dvr)
2. Get ready to buy a ton of patreon subscriptions (kills the point of getting yt premium).
3. Get a modded client/ use browser extensions and use sponsorblock

Now the one exception to this is nebula where like YouTube you pay an all access fee but no baked in ads (I pay for this currently).

I do wonder if creators had the option to make videos available via YouTube premium only (say early access and no baked in ads). Would more people pay and would creators use this system? (They wouldn’t have to worry about demonetization).

Curious on your thoughts

Unfortunately google is aggressive at spam filtering. For example when I signed up for bookwormstory.social the confirmation mail was sent straight to spam automatically (I had to fish it out and mark it not as spam) 😔

remote UI connection passes through the Home Assistant Central servers, the Central servers could maintain that safety database and off switch

I think this is how home assistant handles it. When they put out a cve they can update the insecure version list which makes nabucasa refuse remote forwarding (until you update).

Initially I was just thinking if a open-source project is on github and uses the security disclosure feature if it would be possible to pull data from it and disable remote acess (either by auto shutting down the service or simply disabling routing on a reverse proxy).

Having a system that does without a security disclosure list from a project maintainer would be far mor difficult like having the proxy disable one of your services if it detects a vulnerability in a dependency.

Sorry about that (didn't think that far when making the post 🫠 ).

I updated the title

It sorta does. Nextcloud creates a list of placeholder files with a .nextcloud extension and when you open it nextcloud will auto download the realfile and open it.

Update regarding virtual files has more quirks.

• You cannot move files or folders. If you try nextcloud will simply copy the files to new destinaiton while not moving.
• the nextcloud sync and virtual files refresh/update independently (a change may propigate to sync but not files and vice versa).

Also turns out the reason it was a github release was it is still in alpha 😅 .

Good point.

I kinda wonder how this will play out with ads. While apple is dipping their toes in advertising I suspect their main target appstore/ios apps not the general web (where content blockers exist and can block ads).

As per restricting legacy devices I doubt websites need to implement web integrity or private acess since they can just block acess via user agent (if some one tries to spoof anyway site won't load due to outdated webkit not being able to render).

https://developer.apple.com/news/?id=huqjyh7k

Quick question is there normally a long federation delay between kbin and Lemmy?

For example while making a post/comment may be instantaneous, I noticed when using the edit feature for comment title there is a massive delay (6+ hrs sync delay for title change).

Curious is this common or more of a one off

Not to sound like a downer but I kinda gave up on custom roms. Few problems:

1. Play integrity/Safteynet. On roms like lineage os its a nightmare to maintain this, in the past you could use spoof custom props, but maintainer dropped support for the module. Also using safteynet bypasses typically requires magisk which trips root detection on apps like chase banking (making a annoying cat mouse game). The only work around I found so far is using custom roms with saftey net bypass built in like Pixel experience and Evolution X but those have problems (explained bellow).

2. Random reformat requirements (specifically Evolution X). Every 3 months a clean reinstall is required because of changes in underlying os (like ERofs). Sure tools like Migrate and SwiftBackup can help simplify but resetting things is a pain. Its worse if you use android wear device (like galaxy watch) since every reset means a manditory reset of the watch aswell. This also kinda leaves you in a place where if you need to reset and say your close to the next major android release is it worth resetting or waiting for the next version of android to drop since ANOTHER reset may be needed.

3. Toxicty in XDA/telegram. Idk if its just me but sometimes on telegram people just feel angrier?

Example conversation (good and bad interaction). Background context I was using evolution x and maitainer stepped down. I was considering switching to pixel experience but wanted to ask about evo x maintiner leaving since was wondering if it was due to a technical issue and if said technical issue might impact pixel experience.

Question with good interaction:

Follow up hostile reaction from a different user (I didn't add any new context/messages from first message):

I will admit I may have gone slightly off topic and may have been a bit premtive in asking the question (since a new maintainer picked up the torch within 2-3 hrs), but in the past with pixel experience when the maintainer quit no new maintainers came for 3-5 months (and safteynet broke during that duration).

Sorry if this post kinda sounds grumbly. I want to like custom roms. I'm still using the Feb version of Evo X since its feature set is arguably better than oneplus oxygen os but it kinda becomes a trade off do you want more features and more maintences or accept limited number of new featuers (for only 2-3 years) but with less overall maintence.

Your kinda right. It's more the back to back nature of Elon posts that's annoying.

I kinda found out changing Lemmy's sorting algorithm from Active/Hot to New posts helps spread out the news (and even helps unearth lesser covered issues).

The only thing reddit can do is improve the first party app and mod tools. The rest is lost.

That being said I doubt the protests are reddits biggest priority. Even if reddit ipo's perfectly and gets a injection of capitol (which might itself be difficult since investors don't seem to care about userbase growth anymore) they are going to need to find ways to increase profits each year (like every other publicly traded tech company).

Advertising revenue is also limited given trend to cut "unnecessary expenses".

Beeper did mention the DMCA protection on reverse engineering.

That being said regardles if beeper wins or looses. If apple sues and at the same time breaks beeper mini they could run into financial trouble very quickly.

I do use sponsorblock 😅

Only gripe is your stuck to the web version of youtube (especially on ios).

If you want sponsorblock in the native youtube app you have to side load a mod which means either dealing with apple's 7 day limit refresh or paying for a apple dev acount/ signing service subscription.

Android there is revanced (no sideloading subscriptions needed).

On a final note I am considering trying https://grayjay.app/

It bundles odessy, nebula, youtube and a few other platforms in one app (it also includes sponsorblock and return dislikes for youtube).

Just checked, it's working fine for me Seadroid: 3.0.0 (from fdroid) Server: 11.0.8 Pixel 8 android

I had the googlw play store version which was 1 year out of date. Reinstalling from fdroid fixed the issue.

Edit: seafile doesnt seem to play nice with microsoft word android. I can open files just fine using the browse tab but can't save files

Same 😔

Unfortunatly like syncthing nextcloud mac app also has the same file extension sync issue (they use .nextcloud).

This is how it shows up for me on Nextcloud desktop client 3.13.0

Update the stable client does have proper virtual file sync.

Regarding the previous virtual file sync system (.nextcloud) you had to enable experimental features to get it. The latest stable just has both versions of syncing and I missed the obsious vfs sync option.

The only downside to the new system is there isn't a make file/folder available offline always option in the context menu (you can get around this by manually setting up synced folders but it is a little inconvient).

Nextcloud desktop client 3.13.0

Edit 2:

You need to grab the release from https://github.com/nextcloud-releases/desktop/releases/tag/v3.13.0

Specifically the vfs version Nextcloud-3.13.0-macOS-vfs.pkg

brew doesn't really work