They've got a red-team type process they apply repeatedly, you have to piece things together from the changelogs to get a grasp on what they're doing. They've built a positive feedback loop on which to iterate improvements in security, and bundled it in a way to be used effectively with Ansible.
They're following CIS guidelines, so if you're in a situation where that matters, it's probably a solid starting point for building things you need to have compliant and predictable. Could probably save weeks of effort, depending on the size of the team.
Deployed and actively used by some larger european companies, we also got feedback from some US companies that use parts of our work to harden their systems.
Now the car company has a live feed of your location and the ability to unlock your car at will. That's probably fine unless they get hacked, at which point it abruptly becomes less fine. https://news.ycombinator.com/item?id=35919133
And since Project Treble you wouldn't even get the drivers, because Android Linux is a pseudo-microkernel now, where drivers run in userspace and talk via Android IPC (Binder) with the kernel, enforced since Android 8.
Android is open source partly because they can fund it from Play Store profits. Google is thinking that their Play Store profits are going to be cut, and they want to make the profit up elsewhere - and importantly, maintain control of the platform. This is their method.
They've already used this playbook in the past with Google Play Services, and even before that when they abandoned all the built-in open source apps (Email, Calendar, etc.).
By GPL, they're only obligated to release an offer that allows costumers to request the source code. They can still keep the source "closed" by default.
It has to be the source of the distribution the user currently has a copy of. So they can't just say "sure" and then wait until the next public release. I'm not sure about timeliness, though.
From other discussions, it sounds like they are shipping the copyleft source on time, only the permissive/pushover licensed stuff gets delayed source releases.
The only ways I know to take a full backup of an Android device require it to already be at least bootloader unlocked. There are unprivileged ways to take backups, but they don't work for all apps.
We don't have a good filesystem that works without caveats and annoyances on NT+Darwin+Linux. Depending on your pain tolerance, FAT32, exFAT, and ZFS are all reasonable choices.
Okay, I looked around a bit... which was hard because trying a search seems to be the only way to interact... and I still don't know what "Shadcn blocks" are?
Edit: Okay, web search turns up some results which leave me more confused. Is this like... a site that searches sites using this specific set of website components? Why?
Shadcn is an open modular UI framework (toolkit? Whatever you want to call it), and this seems to search repo's (not sites themselves, but could be wrong) for various components.
It's kind of like pinterest or dribbble but specifically for Shadcn UI elements.
Although I am all for freedom, one forgets that this is one of the few places left on internet where discussions feel meaningful and I am not judging you if you want AI but do it at your own discretion using chatbots.
If you want, you can even hack around a simple extension (tampermonkey etc.) where you can have a button which can do this for you if you really so desire.
Ended up being bored and asked chatgpt to do this but chatgpt is having something wrong, it got just blinking mode so I asked claude web (4.5 sonnet) to do it and I ended up building it with tampermonkey script.
I was just writing this comment and I just got curious I guess so in the end ended up building it.
Although Edit: Thinking about it, I felt that we should read other people's articles as well. I just created this tool not out of endorsement of idea or anything but just curiosity or boredom but I think that we should probably read the articles themselves instead of asking chatgpt or LLM's about it.
There is this quote which I remembered right now
If something is worth talking/discussing about, its worth writing
If something is worth writing, then its worth reading.
Information that we write is fundamentally subjective (our writing style etc with our biases etc.), passing it through a black box which will try to homogenify all of it just feels like it misses the point.
<s>I'm not entirely sure but I think</s> if the file name ends with .user.js like HN%20ChatGPT%20Summarize.user.js it will prompt to install when opening the raw file.
Alright so I did change the name of the file from HN ChatGPT Summarize.js to hn-summarize-ai.user.js
Is this what you are talking about? If you need any cooperation from my side lemme know, I don't know too much about tampermonkey but I end up using it for my mini scripts because its way much easier to deal with compared to building pure extensions themselves and these have their own editors as well so I just copy paste for a faster way to prototype with stuff like this
Fair I guess, I think I myself might use it when sometimes the articles are more dense than my liking perhaps. As I said, I just built it out of curiosity but also a solution to their problem because I didnt like the idea of having an AI generated summary in the comments.
I mean, they didn't bury it far in the article, it's like a two second skim into it and it's labelled with a tl;dr. Not a bad idea in general but you don't even need it for this one.
reply