  • Not surprising at all. Every worker everywhere does this if they have some sort of ‘tokens’ they need to consume. Helpdesk ticket count is a pretty common one with IT-folks and it’s easy enough to boost if you just write one for every single small thing you’ve done for the day.

    None of these obviously are beneficial for the actual work getting done, but as the game is ‘make KPI numbers look good’ then that’s exactly what gets done.


  • There are various mesh-network projects around and it’s better than nothing, but their issues tend to be pretty low bandwidth and physically limited area. Wifi-mesh in a somewhat densely populated area is technically possible, but technology says that you need to be pretty close (100m give or take) to the next node. In rural areas people have built pretty long range wireless jumps without ISPs but hardware requirements for those are a bit different and you’re relying heavily on the node next to you in upstream direction.

    Then there’s things like LoRa Networking, but their bandwidth is very small and it’s really only suitable for SMS-style messaging with pretty low traffic, but it can reach up to 10km between nodes. AX.25 over amateur radio has range up to hundreds of kilometers, but it’s also pretty slow (~1kbps).

    So, in practice, the best would be to use something like NNTP and distributed servers across the mesh network where you’re less dependent on long range high speed communications. Modern web experience or instant messaging just isn’t really feasible over any mesh network with current consumer-grade hardware.


  • I don’t know about running the whole internet over a peer-to-peer network, but my home server is pretty much the ‘main’ computer and while phones and laptops obviously have data locally it’s also synced to the server so losing one mobile device isn’t really a big deal (besides money to get a new one). Immich for photos, Nextcloud for other data, Radicale for contacts and calendar and a self-hosted IMAP server for emails.

    Obviously the devices are still very much personal, but it’s easy enough to wipe and start over if needed. For remote wipe I still need to rely on Google on the phone, and with the laptop there’s currently no way to remote wipe it, but it’s running with an encrypted drive anyway so it’s only the monetary value of the thing in case it’s lost.


  • That is a problem, I agree. But I still feel like it would be beneficial if there was some standard on HTTP or other protocols which could limit user access based on PG-rating instead of everyone developing their own approach. It could also be something like robots.txt, but for PG-rating, where client would do the verification.

    And, as I already mentioned, that should be strictly local only setting and only for parental/guardian controlling what minors can and can’t do with their devices.


  • There is a very good argument for OS level age ‘tracking’ as a means of creating a cohesive environment for software and websites to operate without having to implement individual age verification. The biggest actual issue here is how the OS determines what the user’s age is.

    I agree with you on this. I wouldn’t mind if there was a mechanism on browsers which would send ‘child/teen/adult’ (or whatever they’d be called) data to websites in request headers since they already report a ton of stuff to the server anyways. It would be trivial for adult sites to check one header and limit access based on that. But the setting needs to be local only, so that parents could easily set restricted accounts for their kids. The point where user age must be validated via any 3rd party it’s no longer about parental controls and the whole thing becomes a surveillance tool.

    Also the limits should be agreed somehow on at least somewhat global basis so that it’s only used for porn/gore/horror and other stuff like that. Things like sexual education, religious topics (likely both pro- and against-), medical stuff and things like that should be left out of the filtering. But as with practically every ‘think of the children’-thing proposed for the internet it’s got nothing to do with children nor used only for that.


  • This, in turn, is different from APT, which is not Debian’s repository, but Debian’s package manager. So, technically, I could write “sudo apt install (anything)” to get any piece of software from Debian’s repository indeed, but I could also use that command to get software from somewhere else also in the form of a Deb package but which would not have come from Debian itself.

    With apt (and Discover, which uses apt/dpkg in the background) you can install anything from repositories configured on your system. So, if you want to use apt to install packages not built by the Debian team you’ll need to add those repositories to your system, so they don’t just appear out of nothing.

    Some software vendors offer .deb packages you can install which then add their own repository on your system and then you can ‘apt install’ their product just like you would on native Debian software and the same upgrade process which keeps your system up to date will include that ‘3rd party’ software as well. Also some offer instructions on how to add their repository manually, but with a downloaded .deb it might be a bit easier to add a repository without really paying attention to it.

    Spotify is one of the big vendors who have their own repository for Debian and Ubuntu and with Ubuntu there’s “ppa” repositories, which are basically just random individuals offering their packages for everyone to use and they are generally not going through the same scrutiny as official repositories.
  • “installing apps from outside the Google Play Store”

    To me that implies it’s somehow different than just installing software. You could say ‘install from play store’ or ‘install from f-droid’ if you need to specify which app repository you should use, as that’s what it is. Sideloading might be an appropriate term if you need to upload an apk to your device via USB-cable from your PC, which the term originally meant.

    to make it sound somehow dangerous or complicated in order to justify

    [Citation needed]

    From the article:

    This “advanced flow” is for power users and enthusiasts who “want to take educated risks to install software from unverified developers.” Google says it was “designed carefully to prevent those in the midst of a scam attempt from being coerced by high pressure tactics to install malicious software.”

    Sure, the term itself comes from the 1990s, but lately especially Google tries to twist that to mean something only ‘power users’ do and it comes with an ‘educated risk’.
  • You are on the right track. Installing Debian packages doesn’t require a password to access shared libraries but to write into system wide directories. That way you don’t need to install every software separately for every user. Flatpaks are ‘self sufficient’ packages and thus often way bigger, since they don’t generally share resources.

    From a security point of view there’s not much difference in everyday use for the average user. Sandboxed flatpaks can be more secure in a sense that if you harden your system properly they have limited access to the underlying system, but they can be equally unsafe if you just pull random software from a shady website and run it without any precautions.

    Flatpaks tend to have more recent versions of the software as they can ‘skip’ the official build chain and they don’t need to worry about system wide libraries. Tradeoff is that the installations are bigger and as flatpaks run in their own little sandbox you may need to tinker with the flatpak environment to get access to files or devices. Also if you install flatpaks only for your user and you have a multi-user setup other users of the machine can’t access your software, which might be exactly what you want, depends on your use case.

    Personally I stick with good old Debian packaging whenever possible, I don’t see benefits of containers like flatpak on my own workstation. Newer software releases or using software not included in the official repository are pretty much the only exceptions when flatpaks make more sense to me.

    But there’s a ton of nuances on this, so someone might disagree with me and have perfectly valid reasons to do so, but for me, on my personal computer, flatpaks just don’t offer much.



  • Age verification is one thing, but I routinely verify my id online. Banking, insurance, taxes, various other government things, car registrations, some of the kids’ school stuff and so on. We have pretty decent infrastructure in place here in Finland and the entities I identify myself to online already have my info anyways. I can use either my banking app or mobile verification to securely prove I am who I claim to be and the systems have roughly the same user experience as MFA tokens.

    Each of those is roughly zero-knowledge, the website I log in to receives just “User with login token xxx is IsoKiero with SSN 123456789” and the tokens expire after a while. Also there are restrictions in place that my insurance company can’t just sell my data to whomever unless I opt in to their “marketing” program (not going to happen) and even then there are some limitations on how they can use the data.

    The same system could be adopted to age verification, but that’s a whole another can of worms.