I like the “encryption, but we have the keys” approach. Makes it very secure, especially since MS never had any security breach or leak, ever.

HTTPS isn’t only about encryption; it’s about talking to the right servers.

I’m trying a new approach. Since I won’t touch anything beyond W10, and W10 is getting officially phased out, I just informed people that I won’t provide tech support for W11 and beyond.

Not at all. I’m arguing that often, the issues, and fixes, are not distribution-dependant. Which is a good thing; it means we can go to arch forum and find fixes that can be applied in other distros most of the time, for example.

But people keep pitting them against each other like they’re some form of evolved lifeforms that necessarily have to erase others, when a lot of the issues are just generic software issues.

And, since this is already a justification post I’ll take the lead and note that it does not mean that there is no distribution-specific issues. Of course there are. The point is that most software issue in distribution X will have the same cause and fix in distribution Y, and often have nothing to do with either specific distributions.

People keep arguing about this or that distro.

Linux distributions are just a collection of software, initial settings, and sometimes online repository.

I know. It’s still sad this is encouraged, but there is little incentive to move in the opposite direction. Better to have a lot of braindead customers I guess.

Or just, putting the cap on the side and never have it be an annoyance whether you drink from the bottle, pour it in a glass, or whatever really. People complaining about that have issues.

People that can’t use their brain should not be our baseline for making stuff.

Ah, change.org. I remember when they said “you can sign a petition without an account, just a mail validation”, immediately followed by “if you don’t create an account, the validation link in the mail will not work, fuck you”.

Guess they didn’t really want people to engage.

“New device detected: mouse. Please wait…”

But the mouse is already working dude.

Heck, I have errors in windows log that are just “sure, let’s move on”.

It’s ok, they just started the “security first” initiative, we’re all saved.

There is no software solution that protects from a crowbar, you have to go to the hardware side.

You really are missing the point that if the device is rooted there is nothing an app can do to protect itself. Defense in depth is layering (sometimes overlapping) solutions that do something. Detecting root and saying “nuh-uh” is not doing anything.

So? If I, the customer, want to access my banking info, on my phone, with whatever means I want, I should be able to. As I said, it’s not like every app gets root access, if I, as the owner of the device, explicitly gave root access to something, it’s for a reason.

And the main point that a rooted phone can basically hide itself from any app remains; these “detections” are trivially bypassed in the exact situation they’re supposed to detect.

They didn’t even do that here, they just flat out blacklisted old CPU in the installer.

Out of curiosity, what GPU do you have that is not decently supported? Both the latest AMD and NVidia stuff is, at least for the general public stuff.

As long as we’ll have control over the software, it’ll be there. If we reach the point were you’re not allowed to own computers, we’ll have bigger problem.

Root access means any app installed could potentially access sensitive banking

That’s not how it work. Having a rooted phone does not turn it into a digital farwest were every application can do anything. It becomes a permission like everything else; if you only grant it to safe stuff (like, for example, not granting root to a single app but using it to customize your phone through ADB), there’s not much to see here.

Because they want to “protect” you from “yourself”. Imagine, you could scrape your own data that you can already see.

I’d be really worried if the security of server operation for my bank depended on the client-side. But playing devils advocate, some people will most likely point out that a root exploit on a phone may be unintentional and used to spy on people, to which I answer:

• show me a big scary box where I can “accept the risk” and move on
• keep in mind that if I am root on my phone, I can hide the fact that I am root on my phone and you’ll be none the wiser

Currently, option 2 is in effect, sadly.