Now I’m thinking with portals.

I don’t think it is right to trivialize rape like that.

I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.

Anytime I want cooperation I will need to persuade you.

That sounds suspiciously like democracy, the thing we would quite like to achieve.

But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.

Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.

You can buy a phone that arrives running GrapheneOS. This might not be advisable, because it adds another point of trust in the refurbisher who actually does the flashing, but you don’t need to have the skills or do the research to install it yourself to get access to a device that runs it.

It’s not that I want to give them the benefit of the doubt, it’s that the article neglects to bring in that whole thread of the argument that you give here. This should all be in the article.

The SensorVault data is “just” the Google Maps Timeline data though, right? Which people have always been able to turn on and off, if they knew about it.

I feel like Google not really respecting a concept of user consent and pretending people agree to poorly-publicized and often-modified tracking programs is a different, and, frankly, weirder, privacy problem than there being closed source stuff running with high permissions. If you could revoke permissions from Play Services, or if it was source available or even free software, that wouldn’t solve the problem because it would still be able to do stuff Google had manufactured consent for it to do.

Do you mean “transmits” as in “from the location service on the phone to the mapping app on the phone”?

Or do you mean the phones are all updating the wifi SSID geolocation database, which they then all can use for doing wifi-based geolocation?

The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.

But if a Graphene device takes a non-malicious approach to data management out of the box, can’t you just buy one of those instead of doing research and taking charge of your device to proactively prevent spying? Why not just let a trustworthy organization like the Graphene project manage it for you, instead of an untrustworthy one like Apple?

I had no idea these existed and they look amazing!

Where do you buy these that isn’t under boycott?

Sounds like a lot of people are out there selling defective hardware.

I thought they were still hoping to convince people to use Bedrock so they had to buy Windows.

You should definitely get off of Rumble; I think it’s full of Nazis.

I think there was some kind of crypto-themed thing that was LBRY and also Odyssee at the same time, but that might have been infested by Modern Crypto Nazis also.

There are the centralized YouTube competitors like Vimeo and DailyMotion.

If really your priority is the availability of a large audience and a slick mobile app, you want the centralized social media platforms: Tiktok, Facebook, Snapchat, Instagram, X. Also often full of Nazis, or under the direct personal control of individual billionaires, who may themselves be Nazis.

Honestly I recommend trying to do something other than reach a large audience that someone else has already herded onto a platform. Mark Zuckerberg may see fit to bless you with many views and complementary bot comments, but why would he? Trying to make videos for a lot of people to see, without controlling your own distribution and advertising, is a long, almost certainly unsuccessful, and hence unrewarding slog. If you aren’t making stuff for its own sake, you won’t get there, and if you are making stuff for its own sake, it won’t matter when you don’t get there.

I mean if you put up an Internet-facing unauthenticated file acceptor it will quickly become stuffed with all sorts of garbage and aspiring malware. You definitely don’t want to hook that up to an untar and exec loop, even with some notion of sandboxing. It will just start mining Bitcoins or sending spam or something.

But if it is built properly, with only authorized users being able to upload stuff, and a basic understanding of not dropping stuff where the web server will happily execute every PHP web shell someone sticks in the slot, and the leverage to threaten people into not uploading pictures of their own or others’ butts or Iron Man (2009), I don’t see why all but the file-uploading professionals should immediately give up.

You could definitely build something like this. You definitely want either human review before execution or a fair amount of sandboxing for whatever your students submit.

Do you want students trying to brute force or exfiltrate whatever test data lives in the server? If not, either they should just have the test cases already, or they can get back how many/which of the secret test cases they passed along with their grade, so showing them the results live might not be so important. Unless you want something like “you have 3 tries to pass the secret tests so you can get a hint that your own tests missed a case and go back and try to guess what it was”.

You also might want to invest time first in test harnesses for the students to run themselves, because you want them to learn good practices like coding against a test suite. If nothing else it makes it easier to make the auto-grader later if the students’ code is all already hooked up to the same test framework.

Teaching students how to use fully use a multi-user Unix system can for some topics put unnecessary faffing about between the students and what they are trying to learn (are you teaching front-end web dev or something?), but in a lot of cases your students might actually be better served by something that makes them touch the deep magic than by a slick web UI that handles everything for them, as long as you turn it into a learning experience and not a protracted period of bafflement.

Does your school not already have some kind of shared CD department server/Unix environment for the students that could get you out of account management?

Also, the Right Way to get the code to the server is probably going to be Git and not a tarball. The students could/should be set up with a Git forge and indoctrinated in never leaving their code on their laptop to be sat upon and lost.

One thing that might help is having a broader background in the field and its concepts. If an interview question can feature a bunch of concepts you’ve never heard of, you might have missing bits of background you could learn more about to fill in gaps. You could go from “I have no idea what a hadoop is or what it’s for” to “I know people like to use Hadoop for X and it works basically like Y but I’ve never used it myself” pretty quickly.

Anyone useful as a computer-related employee is still going to encounter problems they don’t immediately understand on a daily basis, though. You need to be able to happily and confidently say “I have no idea what X is, what is that?”. An interviewer will be happier to get a clear idea of what you don’t know than to see you struggle to pretend to know things, because someone who pretends to know what they don’t is a danger in a real workplace. And maybe they’ll actually teach you enough to let you solve the problem, or, failing that, to be able to answer the next interviewer who asks you about that thing.

If you want to practice being asked baffling questions you can’t understand, AI might actually be the right tool for once.

Don’t they owe the kernel code to anyone with the kernel binaries under GPL? Anyone with a Pixel running this release has a right to get the code on demand from Google, right? The news coverage doesn’t seem to consider this.