It doesn't stop Android Auto from doing whatever with the car data, but it's sandboxed to have no more default privileges than a regular app, so it can be denied access to your phone's data by default (apps, contacts, etc.). Wireless AA will only work if you grant it extra privileges; wired AA does not need them.
You can also "firewall" AA via something like TrackerControl, this would let you block connections to eg. Google Analytics servers without denying network access altogether (which would likely cause AA to stop working). I've only used AA with short-term rentals so I didn't spend too much time exploring these options.
> Beyond that, this is a laptop that is running a really shitty, 'apps only, no you cannot do anything useful with this' operating system. I have an awful lot of complaints about MacOS's relatively restrictive use cases, but it's still at least a General Purpose OS. Android on laptop is very much not.
Android 16+ offers a built-in integrated Linux VM that can be enabled from Developer Mode, and if this[0] third-party site is accurate, "Android on laptop" will have it enabled by default.
So it should not be too different from working on a Windows laptop with WSL2, or on an OSTree distro where you use distroboxes to work with non-sandboxed programs.
(fwiw, I would still refuse to have one of these for personal use because Google is a shameless data robber. Unless someone were to de-google Aluminium like LineageOS and GrapheneOS did for Android, but that would probably take years.)
> It’s such an annoying question because the honest answer is I eat what the locals eat, which is to say the most authentic Japanese cuisine is what you find in a Japanese supermarket. That’s what the people of Japan are actually eating.
Well, that's only true if you also observe what Japanese customers are buying and do your best to mimic their habits.
You could go into any Italian supermarket and fill your cart with weißwurst, avocados, and Camembert cheese - and they're all right there in the meat, fruit, and dairy areas respectively, not in an 'ethnic' corner - but it would be hardly a good representation of what the locals typically eat.
> so something that 95% of the users of Zed will end up doing?
Will they? I downloaded it for a test run, and there was no pressure to create a Zed account. I got the impression that it's something you'd do if you wanted to use their cloud AI services, and I can't really see why you'd want a third party involved instead of just bringing your own subscription to your favourite model.
That's correct. In practice we would often rephrase to avoid the double 'la', not because it's grammatically incorrect but because it is awkward to read (less so in speech). Compare:
French: C'est une citation de De Gaulle.
German: Das ist ein Zitat von Von Neumann.
Both correct, but one would probably add "Charles" or "John" between the two 'de' or 'von' just to break them up.
The cooldown is a defence against malicious actors compromising the release infrastructure.
Having the forge control it half-defeats the point; the attackers who gained permission to push a malicious release, might well have also gained permission to mark it as "urgent security hotfix, install immediately 0 cooldown".
I have not heard anyone seriously discuss that cooldown prevents compromise of the forge itself. It’s a concern but not the pressing concern today.
And no, however compromised packages to the forge happens, that is not the same thing as marking “urgent security hotfix” which would require manual approval from the forge maintainers, not an automated process. The only automated process would be a blackout period where automated scanners try to find issues and a cool off period where the release gets progressively to 100% of all projects that depend on it over the course of a few days or a week.
By "release infrastructure" I didn't mean gain admin access to github.com, I meant gaining the credentials to push out a release of that particular package.
Even in that scenario, having the duress pin option does not make things worse. It's functionally equivalent to smashing the phone, just easier to do with one hand.
i.e. whatever they do to you if you wiped the phone via duress PIN, they would already do to you if you managed to smash the phone.
> Other Email providers such as Tuta which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.
Important caveat: Tuta was required by a court to provide police with access to a customer's _unencrypted_ emails (ie regular SMTP mail). The police had also asked for a backdoor to Tuta's E2E emails, and that request was rejected by the courts.
But the idea behind Tuta and Proton is that emails are encrypted when they arrive in the inbox. The fact that emails sent between Tuta users are still safe offer little added value because distribution is far too limited. The reason people choose such a provider is that they do not want the authorities to have access to their mailbox, but this is undermined by a backdoor. Switzerland is much better off in terms of the legal situation in this area.
You can also "firewall" AA via something like TrackerControl, this would let you block connections to eg. Google Analytics servers without denying network access altogether (which would likely cause AA to stop working). I've only used AA with short-term rentals so I didn't spend too much time exploring these options.
reply