It’s been a while, but I believe you do need the annoying new XML/SVG thing as it also doubles as the splash screen animation when you open an app as well. You can embed a PNG in those but vector is preferred because of screen resolutions.
Wishing you great success with your app, disabilities are wildly underserved especially in open-source.
Wine has always done that, last seen on Plasma 5 (I switched to Wayland with Plasma 6), and I remember that being a thing way back in 2007 too. Valved patched the scaling in Proton as well I believe so that might be why it didn’t do that.
It behaves how fullscreen apps work on Windows, takes over your whole display and messes with the resolution and all.
It’s supposed to scale correctly, but otherwise Gamescope will take care of that particular issue.
Kinda annoying on Xorg when the game just decides my screen should be 800x600 and then proceeds to crash and leave me at 800x600 on a 4K display with scaling set to 200%.
It seems to have picked up “circle” as the distro. You’ll need to replace that with the matching Ubuntu or Debian version of what this version of ElementaryOS is.
It’s derived by both a key from the TEE and the PIN/password.
The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.
It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.
Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.
It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.
Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.
It doesn’t solve Safety Net/Play Integrity, at all. My bank is the kind that just warns you and then lets you in anyway. I just live without Google Pay, I just put the card in the phone case to the same effect. The point I was making there is that most apps don’t care, Google isn’t “pushing” it, but it is made available to developers, so really it’s the app developers’ choice to check or not.
Pixels are just less fiddling because flashing it is supported. It is not endorsed by Google, and you don’t pass Play Integrity at all, but it is supported and doesn’t void your warranty. They just allow you to install whatever you want on your hardware without a fuss, and get the full performance you’d expect and all, and even make use of the security chip. But, they only trust their code and their ROM for the purposes of Play Integrity, which is kinda fair game.
That’s why it is quite ironically the device of choice for GrapheneOS. It’s not a hack, it’s a fully supported use case even though you lose Play Integrity certification, so they can implement all the security features Google has access to. The TEE will happily sign a unique and verifiable integrity attestation… for GrapheneOS’s ROM signature. You can make an app that only works on genuine official GrapheneOS the same other apps do with Play Integrity. You can have a custom ROM and properly enroll it in some enterprise MDM and all that stuff, and only allow your builds of that custom ROM to enroll. But, no Play Integrity because it’s not their official certified build.
It’s like PC, you can turn off secure boot, you can secure boot with your own OS keys and get all the security benefits. But Valorant will still refuse to let you play if you haven’t booted with secure boot into an official unmodified copy of Windows where they can ensure their kernel anti-cheat can trust the kernel about what drivers and processes are loaded. Microsoft isn’t forcing their OS on you, but the developers will only trust you if you do. You’re still perfectly free to put Linux on it, and it won’t affect you otherwise.
If you’re buying something to mod I’d recommend a Pixel, unless you’re getting an older OnePlus for cheap.
It’s a OnePlus 8T, but I think any OnePlus before I think the OnePlus 11 have excellent custom ROM support.
AFAIK I got lucky and the 8T is the last model from their “being nice to developers” era. OnePlus was born originally to be developer friendly, it was based on CyanogenMod out of the box, they even sent phones to developers.
Mine launched with OxygenOS 11, and then OOS12 was completely rebuilt on Oppo’s ColorOS and they threw everything out the window. Took them forever to drop sources, and it just went downhill from there.
Google bought Widevine in 2010, so in my opinion they were already concerned about big corp’s interests above the users well before. I think SafetyNet is the natural evolution of that.
I think SafetyNet came with Google Pay for contactless payments, most likely at the request of the banks. They had to work with the banks for that, that’s when they got the leverage. If they didn’t they’d just go partner with Samsung instead, who already had Knox, and I did see Samsung Pay on my phone before Google Pay was available at all.
They also had to increasingly deal with shitty root detection libraries that were getting popular and excluding legitimate users because the latest Android changed things enough it looked modded to the apps. They probably saw it as a lesser evil to just take it in their hands.
You don’t need that much leverage to put enough pressure that there’s enough demands for a feature for the feature to get added. Android was dealing with a lot of fragmentation, piracy and quality problems already, Google needed people to see Android as not just the shitty budget option, they wanted to compete with the iPhone proper.
The entheusiast market only gets you so far. You need entheusiast buy-in at first, but then you have to pivot to end user “premium” experience, which is why brands like OnePlus eventually turn their back to the users that propped the company up. Regular users would rather pick the walled garden than the open world if it means their apps work better in the walled garden. The walled garden is a better experience for the average moron.
Google outright lets you unlock your bootloader on Pixels, and relock it with your custom keys, and even tells you how to do all that in the docs. You lose Play Integrity certification which is where things are getting a bit messy.
But for that you have to blame Amazon, Netflix, Hulu, Disney, a lot of banks, a lot of games for using what is basically DRM for apps. It’s the developers that want those features, so you can’t mod their APKs and take the ads out, make sure you download the official version from Google Play because dumb users getting scammed and all that stuff.
I run LineageOS on my phone, I’m not doing anything whatsoever to hide it, and pretty much everything works perfectly except Google Pay. Which I guess is fair game, I hate it but there’s a reasonable argument to be made there.
The rest is the same DRM woes I deal with on Linux, I value my rights and freedoms more than running an app.
What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.
When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.
I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.
Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.
It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.
Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.
One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.
I think that’s what Friendica is supposed to be, decentralized Facebook.
The performance is a good point. You can do the striped mirror with ZFS too and still get the advantages of ZFS.
I think you can do all of that through the Proxmox UI, but it shouldn’t be too hard to do on the CLI either. You just make two mirror sets and you’re good to go. ZFS should automatically distribute the load across the two mirrors.
I’d probably do RAID-Z with ZFS rather than RAID10, better space utilization and better error correction. Should be able to easily set that up in the Proxmox web UI.
Everything else sounds good. Don’t worry too much about it, you will find things you wish you did differently regardless, that’s part of the learning experience.
LDAC works just fine on Linux, but may be a different package or repo since it’s somewhat proprietary. Just worked out of the box for me on Arch.
The main issue you’ll run into is nicher proprietary software being hard to install, but that’s what containers are for. The main one I see is if you need to install some proprietary VPN client it gets annoying, but since you’ll be running a VM anyway you can do some network trickery. My work’s antivirus only works on Ubuntu and RHEL, proprietary kernel modules so it’s got to be at least one of those kernels.
Linux is Linux, nothing’s impossible to solve even with Bazzite’s immutability. Worst comes to worst you make your own images and it’s not that hard, you basically just fork it on GitHub and let the CI do its thing.
But do you have time to fiddle to make it work and take the risk, or do you want to play it safe? How confident are you with Bazzite’s more advanced topics?