Is it possible to allow sideloading *and* keep users safe?https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/In which I attempt to be pragmatic
Uncategorized
4
Posts
4
Posters
27
Views
-
Is it possible to allow sideloading *and* keep users safe?
https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store0.
I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.
There are, I think, two small cracks in that argument.
The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.
But that's not the only thing Google is proposing. Let's look at their announcement:
We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.
A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:
No rational user would install a purported battery app with that scary list of permissions, right? Wrong!
We know that users don't read and they especially don't read security warnings.
There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.
Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.
Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.
And people still click on.
Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:
This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
…
September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.
Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).
There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.
Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.
It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.
Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.
Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.
Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.
Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.
And Yet…
This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!
Fuck that!
I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.
I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.
Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.
Going back to their statement:
To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.
This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.
They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!
I hate it.
I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.
Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."
But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.
So What's The Solution?
I've tried to be pragmatic, but there's something of a dilemma here.
- Users should be free to run whatever code they like.
- Vulnerable members of society should be protected from scams.
Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?
Do we say that the right to run free software is more important than granny being protected from scammers?
Do we pour billions into educating users not to click "yes" to every prompt they see?
Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?
Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?
Do we chase down and punish everyone who releases a scam app?
Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?
I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.
-
Is it possible to allow sideloading *and* keep users safe?
https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store0.
I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.
There are, I think, two small cracks in that argument.
The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.
But that's not the only thing Google is proposing. Let's look at their announcement:
We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.
A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:
No rational user would install a purported battery app with that scary list of permissions, right? Wrong!
We know that users don't read and they especially don't read security warnings.
There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.
Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.
Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.
And people still click on.
Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:
This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
…
September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.
Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).
There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.
Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.
It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.
Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.
Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.
Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.
Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.
And Yet…
This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!
Fuck that!
I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.
I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.
Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.
Going back to their statement:
To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.
This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.
They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!
I hate it.
I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.
Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."
But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.
So What's The Solution?
I've tried to be pragmatic, but there's something of a dilemma here.
- Users should be free to run whatever code they like.
- Vulnerable members of society should be protected from scams.
Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?
Do we say that the right to run free software is more important than granny being protected from scammers?
Do we pour billions into educating users not to click "yes" to every prompt they see?
Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?
Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?
Do we chase down and punish everyone who releases a scam app?
Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?
I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.
-
Is it possible to allow sideloading *and* keep users safe?
https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store0.
I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.
There are, I think, two small cracks in that argument.
The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.
But that's not the only thing Google is proposing. Let's look at their announcement:
We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.
A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:
No rational user would install a purported battery app with that scary list of permissions, right? Wrong!
We know that users don't read and they especially don't read security warnings.
There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.
Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.
Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.
And people still click on.
Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:
This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
…
September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.
Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).
There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.
Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.
It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.
Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.
Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.
Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.
Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.
And Yet…
This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!
Fuck that!
I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.
I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.
Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.
Going back to their statement:
To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.
This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.
They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!
I hate it.
I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.
Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."
But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.
So What's The Solution?
I've tried to be pragmatic, but there's something of a dilemma here.
- Users should be free to run whatever code they like.
- Vulnerable members of society should be protected from scams.
Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?
Do we say that the right to run free software is more important than granny being protected from scammers?
Do we pour billions into educating users not to click "yes" to every prompt they see?
Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?
Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?
Do we chase down and punish everyone who releases a scam app?
Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?
I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.
-
Is it possible to allow sideloading *and* keep users safe?
https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store0.
I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.
There are, I think, two small cracks in that argument.
The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.
But that's not the only thing Google is proposing. Let's look at their announcement:
We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.
A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:
No rational user would install a purported battery app with that scary list of permissions, right? Wrong!
We know that users don't read and they especially don't read security warnings.
There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.
Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.
Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.
And people still click on.
Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:
This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
…
September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.
Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).
There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.
Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.
It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.
Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.
Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.
Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.
Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.
And Yet…
This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!
Fuck that!
I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.
I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.
Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.
Going back to their statement:
To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.
This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.
They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!
I hate it.
I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.
Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."
But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.
So What's The Solution?
I've tried to be pragmatic, but there's something of a dilemma here.
- Users should be free to run whatever code they like.
- Vulnerable members of society should be protected from scams.
Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?
Do we say that the right to run free software is more important than granny being protected from scammers?
Do we pour billions into educating users not to click "yes" to every prompt they see?
Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?
Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?
Do we chase down and punish everyone who releases a scam app?
Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?
I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.
@blog
This is a central problem of what makes societies: where do we put trust ? In a capitalist world we are pushed all the way to not trust each other but only the State and companies, not because we want to, but because we have to. It's only in this world that trusting Google is the best thing to do to prevent malware.
Which is why we absolutely need to build another system where we have collective circles of trust. No need to wait for the Revolution to happen, we have already started it: our Fediverse instances are bundles of trust, oftentimes not for profit, where we can ask each other questions and support each other. This is, to me, the model where we need to go: those-who-know must take some time to show those-who-don't around, teach them how to actually use a smartphone, install F-Droid and then trust them with everything that's on F-Droid, ....
To me the pragmatic (I hate that word) approach is to build mutual aid communities, bring back the human touch. Yes, sideloading is full of malwares, but the solution is to turn to your local geek groups. LUGs used to do that, they should be forwarded all the way to the 21st century where the main device is a smartphone
@Gargron -
undefined oblomov@sociale.network shared this topic on
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@evan @mayintoronto wow. You made me realise I have not used a word processor for the past month! Woohoo! That was fun!
-
@stefano
We shouldn't forget that the movements in memory manufacturers are because datacenter demands pays more compared with consumers demands.It's kinda "race". If consumers pay more, datacenters would pay even more.
This means "cost pressures" on datacenters become higher and it should cause the fee for datacenters to be more expensive.So I think keeping data "in premise" being still competitive.
-
Hardware Store Marauder’s Map is Clarkian Magic
The “Marauder’s Map” is a magical artifact from the Harry Potter franchise. That sort of magic isn’t real, but as Arthur C. Clarke famously pointed out, it doesn’t need to be — we have technology, and we can make our own magic now. Or, rather, [Dave] on the YouTube Channel Dave’s Armoury can make it.
[Dave]’s hardware store might be in a rough neighborhood, since it has 50 cameras’ worth of CCTV coverage. In this case, the stockman’s loss is the hacker’s gain, as [Dave] has talked his way into accessing all of those various camera feeds and is using machine vision to track every single human in the store.
Of course, locating individuals in a video feed is easy — to locate them in space from that feed, one first needs an accurate map. To do that, [Dave] first 3D scans the entire store with a rover. The scan is in full 3D, and it’s no small amount of data. On the rover, a Jetson AGX is required to handle it; on the bench, a beefy HP Z8 Fury workstation crunches the point cloud into a map. Luckily it came with 500 GB of RAM, since just opening the mesh file generated from that point cloud needs 126 GB. That is processed into a simple 2D floor plan. While the workflow is impressive, we can’t help but wonder if there was an easier way. (Maybe a tape measure?)
Once an accurate map has been generated, it turns out NVIDIA already has a turnkey solution for mapping video feeds to a 2D spatial map. When processing so much data — remember, there are 50 camera feeds in the store — it’s not ideal to be passing the image data from RAM to GPU and back again, but luckily NVIDIA’s “Deep Stream” pipeline will do object detection and tracking (including between different video streams) all on the GPU. There’s also pose estimation right in there for more accurate tracking of where a person is standing than just “inside this red box”. With 50 cameras, it’s all a bit much for one card, but luckily [Dave]’s workstation has two GPUs.
Once the coordinates are spat out of the neural networks, it’s relatively simple to put footprints on the map in true Harry Potter fashion. It really is magic, in the Clarkian sense, what you can do if you throw enough computing power at it.
Unfortunately for show-accuracy (or fortunately, if you prefer to avoid gross privacy violations), it doesn’t track every individual by name, but it does demonstrate the possibility with [Dave] and his robot. If you want a map of something… else… maybe check out this backyard project.
-
@evan Collabora {Online, Office} and AbiWord.
-
@jtonline excellent, no notes.
-
-
Latest idea for the 2025 Christmas tree name...
Volodymyr Zelenstree
-
@evan At work, we're a Microsoft shop. In my personal life, I use a text editor.
