Hacker News | k4rnaj1k's comments

Problem with updates is that without automatic ones, users could stay on outdated systems and possibly get hacked through some vulnerability (of which there are many). While on the other hand, having explicit confirmations for each network request would be crazy annoying.

Maybe some middle ground of having the tool OP sent built-in would be a good option.


I run all my systems with all outgoing connections blocked by default, and yes, it is annoying.

But it wasn't always this way, and so, I don't think it has to be. People just need to start paying attention to this.

The impact of a lot of those vulnerabilities would be mitigated if the affected programs didn't connect to the network in the first place.

As for updates in general, I really like the model adopted by Linux update managers and BSD port systems. The entire repository metadata is downloaded from a mirror and cached locally, so the search terms never leave your machine. Downloads happen from the nearest mirrors, there's no "standard" mirror software (unless rsync and Apache count?) so they don't report what was downloaded by whom back to any central system and you can always host your own. Everything is verified via GPG. And most importantly, nothing happens on its own; you're expected to run `apt/dnf update` yourself. It won't randomly eat your bandwidth on a metered connection or reveal your OS details to a public hotspot.

Simple, non-invasive, transparent, (almost) all-encompassing, and centrally configurable.


This can potentially help people actually tell if their microbiome is okay. Seems like an actually useful study and will be very helpful for doctors.


Finally, we might have proof that family member(X) truly is releasing biological weapons grade flatulence at the next holiday get together.


Still remember installing those J2ME games on my classmates' phones. It was a bit hard to figure out and find the right resolution versions for each phone.


This strategy requires you to be "on-call" for personal stuff. Honestly, I don't want to spend more time on pet projects than I already do. Or cutting some of it away on support instead of spending more on things I would actually be interested in.

And resulting downtime might be even bigger than that with cloudflare.


Pretty sure Hetzner is still a lot less in terms of provided features. There are reasons people get "Amazon certified". So, AWS alternatives are few and require a lot more resources to create and maintain, while alternatives to Hetzner would be a lot easier to create, keeping original Hetzner prices in check with the market.


This sounds like a good idea, as most mainstream social media is in an awful state that damages mental health.

But at the same time, I am against governmental invasions in personal things, so mixed feelings about the initiative overall.


Using a pirated OS does not sound like a good idea lol. Who knows what could be added during "cracking" of the license.


Nuthing. You could manually reproduce what massgrave does.


How much time would you need to manually reproduce their 20k lines of activation code? And what qualification would you need?


Answering this question seriously, I'm a programmer / IT know-it-all, and I did it under two hours, which included firing up my own activation emulator, toward which I point my Windows. Now that I have the process down, it's taking seconds for each new Windows.


Last time I checked it was like 200 lines.


Check properly next time, their 200-line PowerShell script is downloading some 20k-line cmd monstrosity https://github.com/massgravel/Microsoft-Activation-Scripts/b...

But this level of scrutiny is precisely why such DIY security claims ring hollow.


From what I can remember, there are like 10 various routines for different ways to activate different products and most of the code is just boilerplate, no? You definitely can trace the hwid codepath in a reasonable time.


Whatever it is, I'm sure it's not half as bad as things that Microsoft puts there. After all, who knows what's in Windows source code.


If anything bad ever happened after using MAS there would be piles of evidence because MAS is brought up every time people discuss Windows license price. Equating piracy to malware is disingenuous and malware is not the only bad factor. If you consider all of them it turns out that there is a lesser chance you'll get screwed if you pirate, be it music, movies or operating systems.


I am pretty sure all the stuff is optional and the main point is having everything like drivers working right away instead of looking for solutions yourself.


That's something most distros do already, or at least try to. Good default setup and working drivers Ubuntu aimed for a decade ago. So that would not be exciting.

Maybe it's more about the willingness to include software other distros see critically and would not include by default, like docker.


> at least try to

This. They try to be un-opinionated.

The difference is of taste.


I tend to agree with the comment on the blog that this version might be patched, and there's no proof of the server being actually vulnerable.


Isn't battery life worse on it?

I did consider it at some point but not having Google Wallet (apparently NFC payments are only available via banks' apps there) was too big of a downside for me.


It is Google themselves choosing to prevent GrapheneOS from passing the validation checks required to make GPay work (which is the app that makes the actual payment).

Wallet is there, you can hold digital cards, and transit cards, and your Ikea member card, etc. It's GPay that won't work to do the payment. And it's Google the one being a bully and deliberately making you think like that towards any alternative that's not in their list of approved systems that can be used in your own phone.

