Just some Internet guy

He/him/them 🏳️‍🌈

Joined 1 year ago
Cake day: June 25th, 2023


  • Max-P@lemmy.max-p.me to Linux@lemmy.ml: Linux and being speedy
    2 days ago

    Linux encourages users to send patches while Microsoft is the sole company that can modify Windows.

    It’s very common to see patches from Google/Meta/Cloudflare/Amazon squeezing more performance for their particular use cases. That benefits everyone in the end.

    Microsoft, on the other hand, is more concerned about its enterprise sales and overall profits. So they don’t care that much. Windows 7 was horribly bloated, and they didn’t address it until Windows 8 because they had to, because they realized it was too bloated to run on their new tablet PCs so they had to do something about it.

    Apple cares a lot, because their thing is energy efficient fanless netbooks, and phones, and tablets. macOS and iOS are very close in how they work, so Apple has all the incentive to keep it efficient because their software will also affect the hardware side of the business. Microsoft doesn’t, it’s the hardware partners that get stuck dealing with it.

    The NT kernel is fairly good, it just doesn’t get the attention it deserves. Microsoft mostly adds features on top of older features, they never go in and be like “this sucks” and rewrite a feature, because that’s very risky to do and may break millions of applications and affect their bottom line. Linux doesn’t have to care about that.

    I’d say, if Windows was open-source, we’d have some pretty solid Windows distributions because the community would care to go in and fix a ton of bottlenecks that aren’t worth it for Microsoft as a company to even bother reviewing the patches, let alone develop and test them. It’s much more lucrative for them to release AI crap like Copilot than make Windows 10% snappier. Because most Windows users are corporate people that make decisions based on marketing and business items rather than being an enjoyable experience. Less frustrated users? Nah. More productive employees with crappy AI features that barely work? Hell yeah 🤑

    TL;DR: Windows sucks because Microsoft’s business interests don’t require Windows to be that good, merely good enough.

  • It’s definitely not perfect, but this also wouldn’t affect GUI apps because there’s no shell to send inputs into to run other commands. There’s also more container escapes than just that.

    But it’s an added layer of security regardless, especially if you’re not directly running software designed to escape the sandbox. A drive-by exploit in a browser, for example, is less likely to successfully escape because the stars need to align so that you have both a vulnerable browser and a vulnerable kernel at the same time.

    The average credential stealer or NPM malware is likely to be contained and not even realize it’s in a sandbox. You have to get malware and said malware is smart enough to exploit an unpatched CVE in your sandbox.

    But no it’s not perfect, the only way to safely run malware is on a separate physical machine with no access to your local network, and ideally with no wireless technology at all (to avoid WiFi/Bluetooth exploits). Even VMs can be escaped, there’s a few CVEs for that too, and of course the processor bugs.

    Security comes in layers, unless a layer is basically useless, it counts.

  • Not sure if Windows has that but I believe on macOS what happens is the app tries to record the screen, and if it fails macOS blocks the request and opens the security settings to enable the permission, and you have to restart the whole application for the permission to take.

    What’s done for Wayland is the portal system: applications can use portals to request access to specific things like screen recording, the DE does what it needs to do and it starts feeding the data to the application through the portal. It’s working fairly well, I haven’t had issues with those in a while. The application just requests what it wants, and the DE prompts the user (or auto-accepts the request), optionally remembering the choice as well.

    Generally the solution for X11 problems is to implement a modern API for it in either Wayland or as a portal. Which breaks old stuff, but once updated it works fine.

    The main obstacle is getting Gnome to agree to the protocols.

  • minSdk isn’t the same as targetSdk or maxSdk.

    You can target Android 14 and still support Android 1.5 devices if you really want to. Android will enforce that you use Android 14’s security features, but you can still use the old APIs just fine on older versions of Android.

    Android uses the target SDK to determine which restrictions to impose, because if you target Android 8 then your app can’t be aware of Android 14 features so it goes into compatibility mode. But the minimum SDK doesn’t matter, it’s just there to tell users of too old Android versions that the app can’t run.

  • That sounds timer related. I would guess Windows just bloats up the buffer a lot to make it work, or you’ve enabled some Hyper-V enhancements that make Windows happy.

    You can also switch to interrupt scheduled audio instead of timer scheduled. Also, how about direct ALSA like aplay direct to your hardware? That’s a good sanity check because that rules out PipeWire entirely. You could also see if PulseAudio handles it okay, then we can compare what PA and PW do differently.

    Post your VM config maybe? Works fine for me with whatever virt-manager added by default. I do have cores pinned and high priority so it doesn’t cause latency spikes in the VM, the worst thing that can happen for audio is latency spikes and bad timers.

  • They all get cybersecurity insurance to limit/eliminate that risk and pass it down to someone else. Yeah, we’re at a point where companies have accepted it’ll happen and pay for fucking cybersecurity insurance to protect their capital instead of spending that money on actual security.

    Increasing the liability just means the premiums will be passed down to the users, and insurance companies will be rolling in cash. Not like the users would get the settlements anyway.

    And of course there’s the whole problem of disposable LLCs, so even a corporate death penalty would do shit, because our society doesn’t give a shit about people, only capital.

  • Those are Java package names. Android is written mostly in Java/Kotlin. Java being Java, the recommendation for package names is to use reverse domain name syntax to uniquely identify your stuff. So most of Android’s core is under the com.android.* namespace, and Google’s extra stuff usually under com.google.android or something like that.

    Android is also extremely modular, so a lot of the system is also just regular Android apps, including settings. That’s why you can see, say, “Android Easter Egg”, which is the hidden system app that gets launched when you tap the version number in settings a few times.

    If all you installed is GrapheneOS and Google Apps, I wouldn’t worry about malware. Google’s stuff might be spyware but that’s up to you to judge, but nothing that wouldn’t run anyway on your stock OS.