> My goal now is to use less words to convey an idea.
This is what I'm encouraged by Grammarly as well. To some extent, perhaps the book "Elements of style" encourages this too.
However, I read Mary Shelley's Frankenstein. She writes long (wordy?) sentences that are clear, and even feel beautiful to read. I really enjoyed her writing.
But I'm not a native speaker. A question for the native speakers: what's your take on this? Has Shelley's writing style gone out of fashion, or are these two (Shelley's style and succinctness) different things?
I'm not convinced that we can spend quality time with loved ones outside work while spending most of our time at work pretending, and doing useless or unnatural things. I think what you practise shapes you.
A free OS will empower developers to implement technical workarounds that could trick these apps into working there. If the OS is tightly controlled, we have no recourse.
Even in the worst case scenario, we could use a cheap big-tech-approved phone for these applications (a glorified digital token) and use the free phone for everything else. When there's enough adoption and trust in the new phone, non-technical avenues are available to influence these organizations to accept the alternative.
I've kinda migrated to the worst-case scenario already and it's really not that bad - for my use case.
I have an old phone (actually running LineageOS rather than stock) that works as you perfectly describe as a glorified digital token. This device doesn't come with me. There's no banking I need to do, on a day-to-day basis, requiring said token, that has to be done right now or the world will end. It can wait until I get home (and I usually use the bank's web interface from a desktop). This device has minimal other apps installed, which limits bank app accessibility of other app data, and other app accessibility of bank data.
Then my GrapheneOS daily driver serves my day-to-day needs with minimal data leakage, tracking, ads, other general paranoia-inducing modern-life shit.
I pay for things on a day-to-day basis with a physical debit card due to an existing habit of not wanting to depend on a single device for "all the things", so GrapheneOS wasn't a downgrade, but it should be noted to others that whilst Google Wallet can run on GrapheneOS, NFC payments through the Google Wallet will not work due to Full SafetyNet requirements that GrapheneOS cannot pass. Non-NFC items such as tickets and boarding passes have been reported to work (and I'm pretty sure I've used it for that, although Google Wallet is no longer installed on my device).
That is a slight concern, but I don't see it happening, at least in Australia for the big four banks, in the near future.
If that became the case, then the 'glorified token device' would become the dedicated banking device, and not much else would change (ie. I still wouldn't be doing 'banking' while I'm out and about).
I hadn't migrated my life to any of the (tiny, possibly zero) convenience improvements that "mobile banking" may offer me, so none of what I've described has been any kind of downgrade in 'living'.
(I don't mean this in a sarcastic way) are you able to make tangible what 'living' I may be sacrificing?
Having a separate phone as a "glorified digital token" is probably within the top 3 things you want to do anyway if you are serious about digital security.
Also, if your bank uses SMS for verification then the phone should have its own phone number which you keep secret. Otherwise it's one data leak and one sim swap attack (https://en.wikipedia.org/wiki/SIM_swap_scam) from breaking your SMS verification.
> A free OS will empower developers to implement technical workarounds that could trick these apps into working there.
Not if they require something like hardware-backed remote attestation, and only accept such attestation from Google or Apple.
I'd love a practical Linux phone, and being able to run a deblobbed close-to-mainline kernel on a new-ish phone would help with that, but that doesn't really solve the most user-facing problem of mobile phones, the ecosystem lockdown.
You can trust hardware and software that's easy to inspect.
If you can't be sure what's going on and are unable to inspect or debug the hardware and software, how can you trust it's doing what you want?
Proprietary hardware and software is already known to work against the interests of the user. Not knowing exactly what's going on is being taken advantage of at large scale.
Let's put it this way: if you can choose between making your own lasagna with a good recipe vs ready-made microwave lasagna. What would you choose? How about your suit? And would you trust an open known to work well pacemaker vs the latest Motorola or Samsung pacemaker? Would you rather verify the device independently or pay up for an SLA?
No software is "easy to inspect". Only a tiny fraction of users will ever even try. When things are inspected and problems are found, you need a way to revoke the malicious bits. You'll never notify everyone, which is one of the roles app stores play.
You trust hardware and software by establishing boundaries. We figured this out long ago with the kernel mode/user mode privilege check and other things. You want apps to be heavily locked down/sandboxed, and you want the OS to enforce it, but every time you do you go up against the principles of open source absolutists like the FSF. "What do you mean my app can't dig into the storage layer and read the raw image files? So what if apps could use that to leak user location data, I need that ability so I can tell if it's a picture of a bird"
For sensitive information - such as financial transactions - the rewards for bad actors are simply too high to trust any device which has been rooted. The banks - who are generally on the hook if something goes wrong, or at least have to pay a lot of lawyers to get off the hook - are not interested in moral arguments, they want a risk-reduced environment or no app for you - as is their right.
> For sensitive information - such as financial transactions - the rewards for bad actors are simply too high to trust any device which has been rooted
In practice, that just means you trust a Chinese black box Android ROM from a random manufacturer, but not a fresh Lineage OS. To run some banking apps there, one has to root it and install all kinds of crap to hide the fact that your phone is running an OS you actually can trust.
I don't think it's right, I don't think non-manufacturer provided ROMs are a real danger in practice, or rooted phones, and I think this is all just security theater and an excuse to control what people do on their own devices.
> The banks - who are generally on the hook if something goes wrong, or at least have to pay a lot of lawyers to get off the hook - are not interested in moral arguments, they want a risk-reduced environment or no app for you - as is their right.
If they pay for the phone and ship it to you then I agree. Otherwise, they have an obligation to serve their community (part of their banking charter) and that may include meeting their customers where they are, rather than offering an app with unreasonable usage requirements.
No charter requires allowing access from any device. The charters don't even require banks to be open during hours most of their customers are off work.
> You trust hardware and software by establishing boundaries. We figured this out long ago with the kernel mode/user mode privilege check and other things. You want apps to be heavily locked down/sandboxed, and you want the OS to enforce it, but every time you do you go up against the principles of open source absolutists like the FSF. "What do you mean my app can't dig into the storage layer and read the raw image files? So what if apps could use that to leak user location data, I need that ability so I can tell if it's a picture of a bird"
Well, no. The objection isn't to sandboxing apps, but to sandboxing the user, as it were. On my laptop, I run my browser in a sandbox (eg. bubblewrap, though the implementation of choice shifts with time), but as the user I control that sandbox. Likewise, on my phone, I'm still quite happy that my apps have to ask for assorted permissions; it's just that I should be able to give permission to read my photos if I choose.
Users can't be trusted. They don't read. You can put a popup that flashes in all caps saying "THIS WILL GIVE ACCESS TO YOUR BANK ACCOUNT" and users will blindly click OK to get to whatever they think they want, be that an Instagram feed, a game, or whatever.
That's not a good example. My bank issued a token device which scans their code, asks me my pin, prompts me what's going to happen and asks for confirmation. Then I can enter the digits to proceed.
This is reasonably secure. If you hijack my account, you still don't have the hardware device and the random secret that was set up between the device and the bank.
You need to actually hack into the bank itself to transfer my money elsewhere.
Meanwhile, I only access the bank with my own computers. That means I installed them and have root. Not a problem at all.
The threat models aren't secret algorithms, they're apps reading the contents of the screen, stealing keystrokes, MITM attacks against 2FA, and much more.
I don't have this problem on my computers, they run free software. My wife's ThinkPad runs free software. The friends I gave a computer with various GNU+Linux distros don't have this problem.
Add Google Chrome with its spammy extensions to the mix and they start getting problems.
So, things that can be exploited on a stock Pixel with no user root? This is a weird argument to make at the same time as https://news.ycombinator.com/item?id=45588594 is on the front page.
There’s no way I’d trust open source anyone with my health. And I am not sure there is one open known to work well project, let alone a pacemaker that couldn’t possibly be funded in the open source world. What open source hardware is actually more usable than the closed source alternative for most people?
Should the app builder’s ability to “trust” that the hardware will protect them from the user supersede the user’s ability to be able to trust that the hardware will protect them from the app?
In other words, should the device be responsible for enforcing DRM (and more) against its owner?
If winning means mass adoption, I think by definition free software won't win while remaining free.
If a tech becomes mainstream, corporations (and people) begin commercializing it. The de facto strategy in our era for commercializing any tech is surveilling its users.
If a technology can't be harnessed, corporations will contain if not outright kill it.
We've seen this time and time again. So, the only way to win, in the sense of surviving and thriving, would be for that tech to fly under the radar. Remain in the hands of individuals who care and build it for themselves. In that sense, there are many free software that have already won.
My question is, why on earth are people obsessed with things like the year of the Linux desktop, and more people adopting their software.
Fragmentation is probably the only way free software will remain free.
When professionals use Arduinos for such use cases, do they use the Arduino software platform or do they use the chip vendors' toolchains? Just curious how the professionals work with these things.
It depends, really. Mostly on who does the project.
Some people hail from hacker town and will use whatever they have at hand. Some learned on vendor tooling, and would want it to be "proper", and would always try to use a vendor SDK with a vendor IDE. Some learned on vendor tooling and prefer not to use vendor tooling for "familiarity breeds contempt" reasons.
As a degenerate case: I've seen software for an ESP32 board that was prototyped entirely in Arduino IDE, and we almost shipped it that way. Because the prototype team cooked, and when the "make it an actual product team" tried to remake it in ESP-IDF, they ended up with less features and more bugs. They got it together eventually though.
Thank you for sharing. As a hobbyist with a devotion to the field, I'm fascinated by how the actual professionals work. It's a very challenging domain.
From what I've heard (primarily in the music hardware space) is that it depends. Some use Arduino's software and language while others use the lower level toolchains.
This is prototyping mostly so I'm not sure if any of the Arduino code actually gets shipped with production devices.
> My daycare sends me updates, my barbershop tells me when they're closing and I used it to sell my fridge.
To consider the other side of this, read "The age of surveillance capitalism" by Shoshana Zuboff (really read it though, not chatgpt the summary :).
All the benefits you mentioned are real. But, at what cost and could we have reaped the same benefits without surrendering all agency to those who can't be held accountable?
What are the costs? Seems like a huge benefit to me considering the alternative would be... I don't know. No updates? Maybe some shitty custom app that would 100% for sure have worse data security and privacy rights than something like Facebook?
Everyone's talking vaguely about the costs but no one actually makes a concrete case, where I made a concrete case of the benefits.
"Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better." - Edsger Wybe Dijkstra.
Simple/complex is subjective. The software domain is so diverse that it's unlikely we'd agree on them.
Take mathematicians, for instance. They generally have a shared sense of elegance/beauty. That's the result of a refined intuition from years of study.
Not sure why your comment was not received well by everyone here, however, that Dijkstra quote is definitely pertinent.
I believe that anyone can make something complicated and only the few can make something simple. This statement can be read the one way, I don't mean that anyone can make a lunar lander or an atom bomb, what I mean is that over-complicating something is something anyone can do.
At university I discovered another aspect of making things simple. We had one assignment to design a multi-storey car park. The purpose was to demonstrate the use of diagramming, and I handed in a single A3 sheet of paper, whilst all of my coursemates handed in sixty page bound documents. I felt that I was taking a bit of a risk but I was happy with elegant simplicity.
When we got our assignments back, everyone else had a mark and lots of red lettering. I just had a singular tick. I bravely plucked up courage to ask what the tick meant. Our lecturer told me that I had a perfect mark and that I was the only one to understand the assignment.
Since I was not confident in what I was doing, it required a lot of strength to resist the groupthink of the course. I could have folded to crib someone else's solution to turn in my own sixty page monstrosity.
Getting back to web development, I have frequently found myself working with colleagues that go for complexity because 'anyone can make something complicated' and because they lack the confidence to escape the groupthink that goes with doing so.
How is Inferno? Is it ready for production? I'm not a frontend dev, but been looking for a lightweight, fast framework. Inferno looked like a pretty good alternative to React.