The problem with Chinese EVs is that they show it’s possible to innovate, keep prices down, and mass produce.

It’s not only possible, it’s easy: you just need terrible labor and environmental standards, poor welfare, cheap access to raw materials, and tons of state subsidies :)

It’s interesting to note that “we” knew all along it would end like this but just couldn’t resist moving/outsourcing production to China nor investing in China’s fast-growing economy.

“We” were chasing short-term profits and China was playing the long game. Apparently, both parties won, each at their own game.

Stop making $70K SUVs and start making $20K Taurus and Escort EVs. You did it once. You can do it again.

The cost of batteries is (relatively) higher for cheap vehicles, so that’s the segment where it makes the most difference.

Kensington? I don’t think an air tag can actually prevent theft (if they see it they’ll remove it - if they don’t see it they’ll still steal your stuff)

Irrelevant: the goal is not preventing shootings (I mean, they would go for the obvious solution otherwise)

Why did they call them ‘gold’ and ‘silver pro’?

I have no idea what a DreamMachine is (and wikipedia does not help) so here’s the long answer :)

If you want a VPN tunnel to your own home, for secure access to your LAN, I’d recommend you look into NetBird and/or TailScale, which at their core are wireguard plus NAT punch-through (you can also run wireguard or openvpn directly, but it may be a pain since you most probably have a dynamic IP and possibly a CGNAT).

If you want to hide your traffic while connecting through networks you don’t trust (such as the work one or some cafe’s wifi), you can either use NetBird/Tailscale as above and connect though your home (well, assuming you trust your ISP of course) or some third party VPN which connects to their servers (I’d say look into Proton first).

Keep in mind that VPNs actually do very little for your online privacy (ie. it’s not like google or facebook can’t track or fingerprint you). They do is prevent man-in-the-middle traffic analysis from your ISP (or the admin of whatever LAN you are using), but then the VPN provider can do the exact same things, so… make sure to double-check the privacy guarantees of your VPN provider and compare them with those of your ISP.

What do you (think you) need a VPN for?

Lineage OS is not designed to relock the bootloader.

I don’t understand why so many people worry about that… doesn’t it only ensure that data is wiped if some agent secretly installs a rootkit or sorts on your phone before giving back the device to you?

To me, bootloader locking is mostly a way for phone manufacturers to make it harder to run anything but the ROM they have chosen (and it’s a PITA and the most laborious part of installing a ROM).

I hate them (seriously).

It’s basically a second distro inside your distro (try du -chs /var/lib/flatpak/) and if something breaks (eg. last year mesa with my graphics card) it isn’t easy to identify were the problem is (because all libs update at the same time), plus you can’t just try a newer (or older) version of some lib as you would in your distro.

Moreover, you can’t flatpak CLI tools (also servers and OS components, but I guess the ubuntu folks are the only ones who care about those).

btw :)

https://wiki.lineageos.org/devices/ and make sure to double-check that unlocking the bootloader isn’t too much bother (ie. read the installation instructions)

only dangerous for around 500 years

That “only” is just ridiculous :)

Just try to imagine the history of a nuclear waste storage site from the 1500s… how many budget cuts would have it seen? how much buck-passing when it changed hands as a result of war of revolution? how many times would it have been bombed? (and it’s not like we’ve had bombing for a very long time).

We are just not responsible enough to play around with nuclear. Hell, we are showing we are even not responsible enough for hydrocarbons.

(yes, I do know some amount of nuclear waste, from medical applications etc., is definitely worth it and unavoidable - let’s just keep it to a minimum)

AFAIK a sunken reactor is not as big of a threat to life as a one (marine or land-based) that releases nuclear material in the atmosphere, so the biggest issue should be what may happen before the reactor sinks.

Anyway IMHO the biggest issue with nuclear is not its safety, but rather that, even when it operates without the slightest of incidents, it produces waste that needs to be kept “safe” for periods of time that exceed the age of most nation states (let alone private companies).

Today will be another productive day!

There’s AsteroidOS but I couldn’t find any of the supported watches (all quite old IIRC) at a reasonable price.

Gadgetbridge with some proprietary watch is fine privacy-wise (I had an Amazfit GTR3 pro, I needed to register an account with the Zapp app and use it once, but then uninstalled it once I got the required password and used Gadgetbridge exclusively).

Bangle and the Pine Watch are low-res and IMHO quite ugly compared to alternatives from big brands.

My bad for causing confusion: when I wrote “trusted signature” I should have said “trusted public key”.

The signatures in an apt repo need to be verified with some public key (you can think of signatures as hashes encrypted with some private key).

For the software you install from your distro’s “official” repo, that key came with the .iso back when you installed your system with (it may have been updated afterwards, but that’s beyond the point here).

When you install from third-party repos, you have to manually trust the key (IIRC in Ubuntu it’s something like curl <some-url> | sudo apt-key add -?). So, this key must be pre-shared (you usually get it from the dev’s website) and trusted.

That would be “a pre-shared trusted signature to check against”, and is seldom available (in the real world where people live - yes, there are imaginary/ideal worlds where PGP is widespread and widely used) :)

Installing a .deb is what I was thinking about.

Even a signed tarball is better than curl|sh.

If you have a pre-shared trusted signature to check against (like with your distro’s repos), yes. But… that’s obviously not the case since we are talking installing software from the developer’s website.

Whatever cryptografic signature you can get from the same potentially compromised website you get the software from would be worth as much as the usual md5/sha checksums (ie. it would only check against transmission errors).

Binary packages have scripts (IIRC for .deb they are preinst/postinst to be run before/after installation and prerm/postrm before/after removal) that are run as root.

BTW the “unzip” part is also run as root, and a binary package can typically place stuff anywhere in your system (that’s their job after all)… even if you used literal zip files they could still install a script in ways that would cause the OS to execute it.

But you don’t have to develop anything.

I interpreted your “look for ways to do things separately” as “look for separate tools that do the various things” (and you have to integrate), but I see now that you meant “look for ways to do things differently”. My bad.

I’ve heard this over and over… what’s the difference security-wise between sudo running some install script and sudo installing a .deb (or whatever package format) ?