This is a wild misrepresentation of the situation. Saying there is no opt-out is just false, they even provide the information on how users can opt-out. The "mandatory 24 hour cooling-off period" is also misleading, it's easy to bypass the cooling-off period with ADB.
> Saying there is no opt-out is just false
I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
> easy to bypass the cooling-off period with ADB
I don't think this is a reasonable use of the term "easy". I should be able to give my non-technical friend an apk and they can use it right then, with the one "are you very sure" screen.
> . I should be able to give my non-technical friend an apk and they can use it right then
Unfortunately that is the same vector that scammers use to drain people's bank accounts
Such is the cost of computing freedom. This line of thinking is analogous to surveillance justifications in meatspace.
The concepts don't need to be at odds with each other.
But also, I don't think that "computing freedom" means you get to use other people's computers without consent. Let's be clear here: Google's requirement for ID only applies to apps distributed from their computer. Presuming that you do actually respect computing freedom, I'd guess you'd support them in this.
I think a good compromise is that they could permit you to sideload. Which they are doing.
But also, if you are very concerned about computing freedom you can also vote with your wallet when you purchase a device.
> But also, I don't think that "computing freedom" means you get to use other people's computers without consent.
Who said anything like that? This is about being able to install software on your own device.
> I don't think that "computing freedom" means you get to use other people's computers without consent
Consent from whom? Consent is already required, why are you discussing this as though consent is not required? Why are you stating it as if people are using other's computers without consent? Right now when I sideload an APK on _my device_, I have to explicitly consent to allowing it to install. And I do not require the author of that APK to have made any deals/interactions with Google. What you mean is Google's consent or a debugger's consent or my consent tomorrow.
So I, as the user, will no longer be able to provide consent alone. I wish that you were right and it was just "no running without consent", but that is today's behavior, and that is being altered.
> I think a good compromise is that they could permit you to sideload. Which they are doing.
They always have, and that was a good compromise. They've now decided you can't sideload until tomorrow unless you break out debugging tools or require the author make special deals with a specific vendor. What exists today is a good compromise, the change is not.
I expect the same from my desktop and mobile devices here.
You mentioned surveillance -- I presumed you were talking about the ID requirement. This only applies if you're using Google's computers to push out your app.
If you sideload... what "surveillance" are you talking about?
> They've now decided you can't sideload until tomorrow
A single 24 hour waiting period, only the first time. Or just use ADB. The point is to prevent false-urgency scams. Honestly even this seems to me to be pretty weak.
Can you think of a single better option that has any efficacy at all?
If they're not surveilling what apps are being sideloaded, why is the bypass managed by google play services? There are at least 2 better options: - An option to not install the update which would fuck with my device - An option to use the OS layer instead of google play services for this fuckery. i disable gplay services the moment I get my hands on a new phone.
>Unfortunately that is the same vector that scammers use to drain people's bank accounts
Is the solution really that no one can use a computer without special permission and inspection of government issued identification? If we wouldn't tolerate this with our desktop/laptop OS, why is it suddenly okay for our mobile computing platforms?
If Microsoft required this to run software in Windows, there would be riots.
> Is the solution really that no one can use a computer without special permission and inspection of government issued identification?
No, that is neither the only solution nor is it the one proposed here by Google.
Only physical practicalities will prevent this thinking be applied throughoutly: we can't have guardians preventing people from being scammed face to face. But having to identify yourself on a desktop computer and only be allowed to install software vetted by Microsoft and bunch of governments is readily on the books for the kind of thinking that makes these suggestions.
That's where it inevitably leads to. If people can't be allowed to be responsible for X, next they can't be allowed to be responsible for Y, then Z -- all for their own sake. Google taking some mythical "responsibility" on behalf of their users means the users are left powerless and that is that something Google wants more than just being a "good guy" who protects people from conmen.
It's not like people simply couldn't just limit themselves to installing apps from Google Play already, without these "guardrails". Android currently does make it clear that installing unknown apks from an external source is risky and shouldn't be done unless you really, really know what you're doing. No further technical solutions are required for the problem. You can't fix stupidity with technical means.
If someone is dumb enough to ignore a very explicit warning message, that's their problem. We also don't restrict the sales of kitchen knives just because some people inevitably are going to be dumb enough to hurt themselves with a knife. If they hurt themselves that's their problem, not the problem of more intelligent people.
I will say, an underrated use case for even small, local LLMs is making command line tools drastically more accessible to laypeople
I now know zero people I don't think should use linux, and people I know seems to run quite a gamut of technical know-how compared to most other technical folks I know
Having an LLM directly and autonomously drive command line tools outside of a strict sandbox sounds like a ticking time bomb.
Thinking tokens: "The files I'm trying to read are missing, I need to figure out why. I see the problem, I accidentally ran rm -rf /home/user. Let me run git restore. No that didn't work. Let me try git reset --hard origin/HEAD. That still didn't work. I should inform the user."
Output: "I was unable to complete the task you requested. Restore /home/user and I will try again"
I tend to set people up with a chat interface, which is pretty good for asking for commands or scripts that the user will then copy into their terminal. Most people I've gotten to try linux do pretty well with just a wiki, but once they run into something they want to do that's kind of idiosyncratic they tend to ask me for help. While I think running models that have access to a shell is dangerous and should be handled carefully, the fact that they've been trained for this use case generally means they're pretty good at shell commands and can give you one a decent chunk of the time. I'm never willing to inject an external dependency controlled by a company into people's computing needs unless they specifically ask for it, so this is usually a lightweight local model specialized in tool use, but not given shell access. This isn't much different from how they'd use search engine for this purpose these days, but if running locally, it can be more fault-tolerant to issues that affect their internet access as well as offering better privacy guarantees, albeit obviously a little less capable
ADB is not the only option. Do the 24hs wait then the experience will not be much different than what already happens today: https://imgur.com/a/Z9hoYIh
Doing a 24h wait _is_ much different from what happens today. That's the whole point. If my two options to run an application of my choosing are to use ADB to flip a switch or to wait a day, that is ridiculous.
I am only slightly comforted by the fact that desktop computing had set (some) self-ownership precedence before the current restrictive computing hegemony took control, though even that is eroding.
Wait until you find out about games consoles
The way you give your non-technical friends an APK and they just install it is by you signing it.
I should not have to enter into a business relationship with google just to hand my non-technical friend an APK any more than I have to enter into a business relationship with the Linux Foundation to hand my friend an AppImage.
And then having Google approve it, so hopefully your app does not do anything that Google does not like, such as block ads.
But I want to let someone MITM my non-technical friend and repalce my APK with malware.
> I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
I don't understand this, the ability to bypass new behavior in settings menus is basically the defenition of a new feature having an opt-out. Can you elaborate?
And I kind of buy the intent behind the cooling-off period anyway. IIRC it's to prevent people from being pressured into installing apps by scammers that could then take their phones hostage
As if there are no scam apps on Google Play.
Yes. That attack is a very real attack. The attacker gets access to the victim's phone and sideloads additional apps that appear to be the victim's legitimate banking application. The victim logs into it and sees a fake balance (as the app is fake). Pressure and other social engineering tactics are invoked and the scammer walks away with all of the victim's money.
You still need Developer's Options enabled and plenty of banking and other apps complain if you do that. Why do I need the Developer's option enabled to run an app I developed myself, to be used by myself? It's clear they're heading to a walled garden and this is just a step towards that.
> Saying there is no opt-out is just false, they even provide the information on how users can opt-out.
The article states that you can't opt-out of the update, which AFAIK is correct.
[flagged]
"Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data."
https://news.ycombinator.com/newsguidelines.html
Yeah, saw that; rubbed me wrong. "If you disagree you are manufactured, a shill." This kind of condescension has never been very convincing. And I mostly agree with the petition.
[flagged]
[flagged]