I have smart lighting, but that's only because it means I can turn everything in the area living and eating room on/off with a single button/switch (not sure what the right English term is). In a typical Danish townhouse like mine that would be 4-8 buttons otherwise.
If I had an electrician redo the wiring, I'd do the same thing without the "smart".
Exactly. My electrician did a bunch of simplification--kitchen/dining had 3 different switches for historical/random reasons--and one room which never had a switch (originally an overhead pull-chain light) was redone for a variety of reasons given extensive down-to-the-studs work was needed anyway. Used a fair bit of X10 at one point and that one remaining room had an Alexa-controlled plug for a wall-mounted light.
(He also took out a ton of knob and tube wiring which gives you some idea of when the original wiring dated to even if a lot had been incrementally upgraded over the years.)
I don't know if they're available in other markets, but in the US I've been very happy with Lutron Caseta switches for that sort of "smart enough" use case. It generally all works like normal dumb switches if the hub is offline or doesn't exist, and you only need the hub to manage configuration or enable the remote control (outside home) features. The fact that the switches look like, act like, and install like traditional dimmers and control traditional light fixtures is really what sold me: I've never liked the idea of the smart parts being in something like a light bulb that's basically a replaceable wear item.
Since we are pulling numbers out of our asses can you tell me what good advice that 95% of the people aren't capable of following is? It's great that our national health institutes advise us, but can you explain how the advice isn't completely useless in this particular context? To me it comes off as arrogant and rude.
I didn't say 95% of people aren't capable of following some advice. That would be bad advice. I'm saying this is good advice, because 95% of people can follow it.
Ofcom is simply doing their job. I doubt they care about the users of 4chan. They will fine the company in accordance with UK law. Then if the company does not comply Ofcom will target their advertisers and its Japanese owner who lives in France as well as having UK ISPs block 4chan. I can't think of any reason as to why France wouldn't work with UK authorities on this.
Contrary to what HN and other USA tech forums might think, this will likely be received favorably by the UK public.
For France to be legally able to give a shit Ofcom would need to go to court in the UK, pierce the corporate veil, and receive a final judgment against the owner of 4chan. Only then would they have some routes to petition French authorities for assistance.
There's no agreement between the UK and France that would require or even permit French authorities to enforce fines by some random UK entity willy-nilly.
I quite like that Zig works as a drop-in for C in a few use cases. It's been very nice to utilize it along with our Python and regular C binaries. We attempted to move into Go because we really like the philosophy and opinions it forces upon its developers, but similar to interpreted languages it can be rather hard to optimize it. I'm sure people more talented than us would have an easy time with it, but they don't work for us. So it was easier to just go with Python and a few parts of it handled by C (and in even fewer cases Zig).
I guess we could use Rust and I might be wrong on this, but it seemed like it would be a lot of work to utilize it compared to just continuing with C and gradually incorporating Zig, and we certainly don't write bug free C.
> We attempted to move into Go […], but similar to interpreted languages it can be rather hard to optimize it. […] So it was easier to just go with Python
I don’t get that. You had trouble optimizing Go, so you went with Python?
We had Python and C. We aimed for Go. Now we have Python and C. The deeper story is more change management than technical. We hoped we could obtain advantages from Go because we, perhaps naively, figured it would lessen the gap between programming and software engineering. We have a lot of people who can build software, but few who can optimise it. We hoped Go would give us a lot of "free" optimisation, but it didn't. It also wasn't as easy to transition not SWE's into not Python as we had hoped. We made no major rewrites, we instead built some of our new tools and services in Go. Some of these have been phased out, others will live out their lifecycles as is.
I personally really like Go, but I feel like I now have a better understanding of why so many teams stick with C/C++ without even considering adopting Go, Rust or similar.
Because why bother if you're keeping the C? Part of the reason for moving to Go was safety by replacing the C, not just to move away from Python. I'd say the mistake was thinking Python programmers would enjoy moving to Go. I've done it, and it was not enjoyable. I wouldn't mind doing just the tight performance things in Go instead of C... But using Go for the high-level things that Python is great at, and where the performance is not an issue, is just silly.
As an EU citizen the biggest issue for me is that even if I bought a fairphone with grapheneOS, it might as well be a "dumb" phone. This is because all the apps to make our daily lives non-annoying require the Google Play or the Apple App store. So to me it's the lack of digital sovereignty from the EU and our individual countries that is the main issue. Sure it would be nice if big tech didn't close their platforms, but that ship appears to have sailed. If they ever get around to making these apps available through a different store, then I don't see why I wouldn't want a different OS.
We still need open hardware and more companies like fairphone to utilize it, but we primarily need the EU to get its act together and break the reliance on big tech app stores. I know there are a few companies trying to build app stores with the necessary security compliance and if the EU wants to be serious about digital sovereignty it'll need to support these.
> As an EU citizen the biggest issue for me is that even if I bought a fairphone with grapheneOS, it might as well be a "dumb" phone. This is because all the apps to make our daily lives non-annoying require the Google Play or the Apple App store.
This is a common misconception I see around here, probably because people think Graphene is yet another custom rom like LineageOS, and haven't actually tried it for themselves.
GrapheneOS supports Google Play (it ships with an app that lets you install it in one click), it does NOT give you root access, and it goes through the extra effort of implementing the obscure security features that banking apps require. I won't say 100%, but maybe 99% of apps on Google Play will work on Graphene, including banking apps. This compatibility, along with the added security and privacy features are why it's such a big deal. It's not just hype around the latest shiny custom ROM.
Banking apps will work on Graphene if you have sandboxed Google Play Services installed, and if the banking app requires only a basic level of Play Integrity attestation. I got the same level of support with my previous LineageOS for MicroG phone as I have with my current GrapheneOS phone, it just required a lot more tinkering (and was a lot less secure).
I do appreciate the work the GrapheneOS team puts in toward compatibility, and especially the fact that they just got RCS messaging working. But any time Google or even an app vendor wants to tighten the noose, they can, just by requiring the higher, hardware-backed attestation level.
That page seems to be saying the opposite: hardware attestation would support GrapheneOS, whereas the Play Integrity API would not.
Anecdotally, both of the banking apps I use 'just work', and I haven't encountered any app that doesn't work. The closest thing was the Disney parks app a few years ago which would crash on launch until I disabled the hardened malloc feature for it.
I see "... and permitting our official release signing keys" there, which means you are swapping Google Android for GrapheneOS Android, and you can't use bogwog Android if you wanted to.
There is a list of apps banning GrapheneOS keys here, including govt apps, ticket apps, and McDonalds for some reason:
> you are swapping Google Android for GrapheneOS Android
No? You're adding support for Graphene's keys, not replacing Google's. Obviously, the main barrier is convincing developers of these apps to add support for Graphene's keys. However, this is only a problem for apps that opted to implement the Play Integrity API at all, which doesn't seem to be very common. All the recent monopoly rulings against Google may be deterring devs from implementing this obviously anti-competitive feature, and that's not to mention Google's new responsibility to offer the Play store app catalog to competing stores, thanks to the Epic case.
> The injunction issued last year by U.S. District Judge James Donato requires Google to allow users to download rival app stores within its Play store and make Play's app catalog available to competitors. Those provisions do not take effect until July 2026.
My point was that this situation doesn't allow for Software Freedom, since you the user cannot control the OS, it's an unmodifiable blob unless you are either someone with a blessed key (like Google, or GrapheneOS devs), or are willing and able to go without the apps that use the attestation APIs, or have one locked down device for attestation apps and a separate one that you can actually control. Probably the only way to deal with that is make attestation to third parties illegal, I assume governments and banks would get exempted from such laws though.
Android has a hardware attestation API that is compatible with GrapheneOS (if the app accepts GOS's keys), but nobody uses it. Everyone uses the Play Integrity API; GrapheneOS can't pass the "strong" (hardware-backed) level of Play Integrity, though it passes the weaker ones.
The Dutch electronic identification app, DigiD, uses the Android-native attestation API.
Also good to make a distinction between the different things you can do in an attestation procedure: bootloader/boot integrity checks, attest a specific key, and ID (imei etc) attestation.
On the other hand you can't sue a company for losing your data in many EU companies. You can report them to whatever data protection agency your country has, and after an investigation they can fine, and/or, in more serious cases turn the matter over to the police for a criminal investigation.
The disadvantage of this is that the local data protection agencies haven't been handing out very big fines. Sometimes that's due to company law. In my country you'd fine the owning company, which in many cases will be a holding company. Since fine sizes are linked to revenue and a holding company typically has no revenue, this means fines are often ridiculously small.
Who do you imagine will get fired? The CISO who's been recommending various security improvements and been trying to get them implemented, but been unable to do so due to a lack of C level interest in IT. Or the C levels who lack interest in IT security until it bites them in the investor?
At least here in the EU we're moving toward personal responsibility for C levels who don't take IT and OT security seriously in critical sectors, but in my anecdotal experience that is the first time anything regarding security has actually made decision makers take it seriously. A lot of it is still just bureaucracy though. We have a DORA and NIS2 compliant piece of OT that is technically completely insecure but is compliant because we've written a detailed plan on how to make it secure.
Who currently gets fired due to engineering malpractice? It would be the same thing if there was actual certifications and engineering sign-offs in cybersecurity or other critical areas of development.
I won't pretend that accountability in the physical engineering world is all smiles and rainbows but at least there are actual laws dictating responsibilities, certification and other real consequences for civil engineers. When a Professional Engineer in Canada signs-off (seal) on work they are legally assuming responsibility which means the practitioner could be held accountable in the event of professional misconduct or incompetence regarding the engineering work. There is no reason but corporate greed and corruption why there isn't similar legislation in North America for cybersecurity or software engineering where you have professional bodies certify people to be legally obligated to sign-off on work (and refuse work that isn't up to standards).
But this would require introducing actual legislation which god-forbid how could we do such a thing to the poor market! It would stifle their innovation at leaking everyone's data.
There's no reason we couldn't extend the same existing system of licensure [1] that professional engineers require.
Sure maybe it's overkill for someone stringing together a Python app, but if you're engineering the handling of any actual personal information then this work ought to be overseen by qualified, licensed and accountable professionals who are backed by actual laws.
I work in solar, so we have quite a lot of hardware which doesn't run on free software. We couldn't patch part of our inverter pipeline because the hardware was proprietary and had no open alternatives. We had to pay quite a lot of money to find one of the original engineers and have them flown in to help us unlock it, so that we could replace the firmware with some we had a security clearance holding contractor write for us.
To be fair this is a story about not doing your due diligence and buying the wrong hardware, but I think it can give you some insight into what the article talks about. Because yes, you can install Linux, but can you install something on your blender when "BRAND" decides you need to pay a subscription to run the self-cleaning program?
Do vendors give you schematics for boards they make or RTL for ASICs? Where do you draw the line as to what is expected? From a hardware vendor's perspective, firmware they give you which is locked down is simply an extension of the hardware that enables them to more cheaply iterate on it. Not a feature for customers to use to arbitrarily modify and add complexity to the test matrix and technical support for the vendor. Vendors who give away full configurability tend to see their costs rise rather than fall.
Oh I definitely don’t have a choice at work unfortunately so I’m all too aware of this. I’m mostly just talking about personal computing. But point taken!
I'm Danish, chat control has its origin in a proposal from my politicians. It's been revoked because there was no support. The major reason it was revoked was because of the strong German stance against it. It's currently backfiring in the hands of the politicians who suggested it. In Denmark we seem to often be on the wrong side of internet freedom, and I think we should all criticize that. Only it's not black and white, because we're also one of the most pro-free-speech countries in the world. I know the world is often turned black and white on the internet, but if you're always painting the black, then that doesn't help the debate.
I think that is what Pavel does. Look at how he mentions chat control, but not that it was turned down and revoked. Then directly goes on to criticize Germany (who shut down chat control) for being anti freedom. He doesn't say anything that is wrong. Due to their history, Germany does not allow you to say anything you want about their politicians, deny history or praise nazism. It's that same history that makes Germany such strong proponents for privacy though, because they've lived the Surveillance state before it was cool. That is what has turned Germany into a privacy haven on par with Sweden, but where does Pavel ever mention that?
For that is the main issue with people like Pavel. It's not that the message is wrong. The internet has become mainly controlled by a couple of SoMe companies which are controlled by the aristocracy. It's that he polarizes it, but only against the west. I get why he wouldn't criticize Russia even if he wanted to, but he's certainly not walking the walk, is he? The fact that he spreads the message on X just makes it even more hypocritical. (If you think that part about X is me being "woke", please keep in mind that Twitter banned Trump.)