F-Droid build APKs themselves from source, so presumably 0, as they don't allow APKs to be uploaded.
F-Droid does do some safety checks themselves already too, I don't know exactly what.
Edit: Perhaps I am mistaken... but I think the linked post was referring to users adding additional repos to the F-Droid store, not the default F-Droid repo??
The objective with adding a third party repository key IIUC, would be to not need to prompt about installing from unauthenticated sources if they're installing from a third-party repo; so the fdroid key for the APKs that they or a CDN host would be verifiable.
It would be good to scan the sources with SAST and DAST and scan the APKs once they're built too.
What source do you have that Gemini is profitable? Are you referring only to the chat app, or to Google's AI Ventures division? Or including Google Cloud AI related revenue?
Not agreeing with the parent, but that hardly matters. Google has a real business, advertising, that brings in $400 billion a year and income around $150B. They can afford to throw away tens of billions every year while still remaining immensely profitable and quite solid as a business. OpenAI has no such income to spend so it's as the above comments reflect, entirely unsustainable while Google's spending on AI is a drop in the bucket for them.
The US Postal Service seems to derive upwards of 90% of their revenue (or at least of the mail I receive) from similar scams. Are they going to have the same fines applied to them?
And you can't escape. Facebook is less of a concern because you can just not go to the website and you're good. The US Postal Service is the basis of an entire huge industry devoted to finding you at your physical location to try to scam you.
You have a very different profile of junk mail than I do. While the services may be overpriced or of dubious quality, they are rarely outright scams the way FB marketplace frequently is.
The US Postal Service doesn't serve the American people, by its own admission. I can find the quote from the Postmaster General if you like, but the gist of it was "the 400 direct mailers are our customers". They are a spam company that has outlived its usefulness, if ever it had any. Don't fine them, dissolve them.
How would you fine a government entity? This is just moving money from one government budget to another.
The USPS is like this because of the persistent belief that it's not enough for government entities (think USPS, Amtrak, etc) to provide a good service for the citizens - they must also (try to) turn a profit.
If we as a society considered it acceptable for the USPS to spend money to ensure everyone in the US had mail access without selling out to corporations to turn a profit, they wouldn't need to have products like EDDM blasting spam to entire zip codes.
The whole "governmental agencies should be profit-seeking businesses" needs to die ignobly in a ditch. The reason we pay taxes is so that we don't have to handle the logistics of running the thing we pay for.
I don't even star the vast majority of packages I use... I usually only star repos I don't use but find interesting and may want to refer back to in the future.
And completely excludes projects not hosted on Microsoft's GitHub or NPM (Though they do say you can contact them if you don't meet their insane criteria).
Graphene doesn't really try to stop you. They just don't spend their own efforts on making it possible. It is OSS, so you're free to spend your efforts where you want to.
It would require a significant commitment of limited resources to broadly support insecure devices with very little upside, and to do so would constitute gross mismanagement of the project.
Meanwhile, others are completely free to fork numerous GrapheneOS improvements or benefit from their upstream improvements (as some have, including Google).
I never mentioned any commitment except accepting pull requests, did I? Qubes can do that and doesn't require a fork. Are you saying they have much more resources?
Every accepted PR for supporting insecure phones eventually becomes a maintenance burden, and potentially a security vulnerability. If they don't want to spend time on it, it's okay to decline such PRs.
You're being disingenuous here. What is the value of accepting pull requests with no intent to approve? The rhetoric you're using here is on a I'm-just-asking-questions level.
You're not being consistent in what you're advocating. You mentioned accepting pull requests in the context of wanting to see broader device support. You want broader device support. I do too, which is the value of the Motorola announcement. Your suggestion isn't the way to achieve that. It just isn't viable for reasons you should reasonably already understand. But since you don't...
It shows yet again you just don't understand the project, how it's structured, and what its goals are. I'd say you should try running it, but you're still murky on the actual nature of the OS you use daily, so there would be no point in my suggesting that.
Assuming all you want is broader device support while magically not increasing the GrapheneOS team's overhead, but for reasons you haven't stated won't accept forking it, you're out of luck, which is right where you should be.
Still, why? If you want hardware which lacks security features to run an OS, the primary value of which is its close integration with said hardware security features, what is it you really want, then? A degoogled Android OS? That already exists. Are GrapheneOS's "software" security enhancements (as if we can say "software" in the context of security in total isolation) their quality-of-life improvements to the OS that you're after? Many of those would greatly degrade in value if you couldn't trust the hardware it's running on. You'd get storage scopes, but you'd get it without a file system you could trust. You'd get network permissions but you'd get it without baseband isolation you could trust. You'd get x, y and z, without memory tagging.
If that's what you want, you can get that elsewhere, and should.
But by the conditions you set up, you're also effectively asking for code contributions by outsiders, when the project very deliberately and by all indications very tightly manages who can contribute code, and for good reason. The history of open source is the history of malicious code injection and social engineering attacks. If you want the device to be secure you have to address security from all angles.
Unless you're really, genuinely, nonsensically proposing the project commit resources to allowing people to suggest code changes they have no intention of ever implementing. Though I suspect at that point you'd argue in favor of some code base changes, while not having addressed the fundamental implications of doing so.
You're doing a great job of arguing against yourself, here, and have highlighted a fundamental challenge with Qubes OS. As an active user on the forum I'm sure you've seen the reasoned discussions weighing the pros and cons of accepting code contributions. If your response to that is, again, 'there hasn't been a relevant Xen bug in two decades and my data has been safe this whole time,' that's a dead-end for understanding anything.
Your rhetoric in all this is very similar to the kind of thing one easily finds on normie websites about commonly divisive issues. At some point I just can't keep insisting you're either informed or sincere about all this, HN guidelines notwithstanding.
Graphene is OSS, so if you want to create a fork that supports other phones, you are free to do so. The maintainers have a limited amount of resources; why wouldn't they focus those resources on the most secure hardware if that is what aligns with their goals? If you have different goals, create or fund a fork to support more hardware.
From the sources I have seen, that 10% was a projection for 2024, with goals to significantly reduce it in 2025 and 2026 onward. It also includes "banned" goods, which are not necessarily fraudulent nor illegal. I have not seen any data on whether or not Meta has achieved their goals of reducing fraud and banned goods advertising.
A grant can be for a lot more than $5,000. It can be for as much as the grant-making org has and wants to spend. Grants can be given on an ongoing basis as well.