mysteria's comments

The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.


When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced SafetyNet a decade later.

It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.

[0] https://www.nytimes.com/2003/06/30/business/technology-a-saf...


There are many third-party money apps that log in to your online banking that are a violation of ToS. That doesn't stop people using them. In fact, when they get really big, they can be legitimised by banks. For example, to get my mortgage, I had to use a third party service that logs in to my online banking account and ingests all my transactions to show that I saved for my deposit legitimately.


Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.


GrapheneOS has official support for hardware attestation[0].

It does require the developer to make minor adjustments, and most banks are simply too risk averse to agree to doing that (I would know, used to be a senior Android app dev at a bank).

[0]: https://grapheneos.social/@GrapheneOS/115062761036828110


I have been a GrapheneOS user since the Pixel 3 and have yet to encounter an app that doesn't work on GOS.


I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or Apple account and phone. (Spoiler: I do)

I hope my tiny datapoint shows up in some aggregated stats somewhere.

It’s use-it-or-lose-it.


The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!

Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.


What they say they want to accomplish could be almost 100% accomplished with self-signed certificates. Or public certificates like Let's Encrypt etc. if you absolutely have to have third party attestation of the key.

The fact they incidentally position themselves as the only gatekeepers rather than accomplishing the same without doing that tells you all you need to know about their intent.


That notice already exists. In fact there are 2 or 3 extra confirmations required to sideload apps today.


That's the first step toward banning NSFW apps like on Steam, I'm afraid.


There are big tech companies which are slowly moving their staff (from web/desktop dev to ASIC designers to HPC to finance and HR) to VDI, with the only exception being people who need a local GPU. They issue a lightweight laptop with long battery life as a dumb terminal.

The desktop latency has gotten way better over the years and the VMs have enough network bandwidth to do builds on a shared network drive. I've also found it easier to request hardware upgrades for VDIs if I need more vCPUs or memory, and some places let you dispatch jobs to more powerful hosts without loading up your machine.


It's not open source but used Axis cameras are pretty cheap and have RTSP and ONVIF support. Those mostly come from commercial installs and can be configured offline using a web interface.


Axis cameras are great. Their product support is awful.


For used cameras I don't expect to get any form of official support. IMO their documentation is clear and they provide software updates for 7 years.


This is worth mentioning but a GPU or TPU is not required if you have a small number of cameras and set up your detection zones right. I use a low resolution/framerate MJPEG substream for detection to reduce the amount of decoder effort and use H.264 only for recording and viewing. OpenVINO is the recommended choice for CPU recognition and it's much faster than the default TensorFlow detector.

It only uses around 20% CPU on a 6 core VM (running on an Ivy Bridge Xeon) with two cameras.


My bank tells me via email to not click on links in emails and to directly visit their homepage instead. That's fine, but that email itself contains a link to their fraud prevention page (to learn more) and another link to log into their online banking service.

Do as I say, not as I do.


This is exactly my experience with asking for more compute at work. We have to prepare loads of written justification, come up with alternatives or optimizations (which we already know won't work), etc. and in the end we choose the slow compute and reduced productivity over the bureaucracy.

And when we manage to make a proper request it ends up being rejected anyways as many other teams are asking for the same thing and "the company has limited resources". Duh.


Even before AI was a thing some websites would deny all crawlers in robots.txt except for the Googlebot for the same reason.


> If someone told us in the 1950s a TV manufacturer was exerting pressure on our forms of information distribution and was choosing which voices get a seat at the table, we'd rightly call that archaic and wonder why people would accept a technology provider as a market-shaping force. But today we accept it nonetheless.

A smartphone from Google or Apple is also pretty much required for certain government apps, banking/financial services, and so forth. I wouldn't call it a stretch to say that in the future it would be mandatory to have these duopoly controlled devices on your person at all times, like how you need to carry an ID card.

Many of those apps don't work on rooted phones or custom ROMs without workarounds and doing so is a TOS violation in many cases as well. Also imagine what it would be like if your Google or Apple account got banned by accident with no human support to sort it out.


South Korea managed to tie their government ID system to ActiveX for many years: https://en.wikipedia.org/wiki/Web_compatibility_issues_in_So...

Entire country was stuck on IE6 for far too long.

The UK e-visa system worries me for similar reasons: https://www.gov.uk/guidance/online-immigration-status-evisa


That's an excellent point. I use Android LineageOS with no Google apps. The amount of bullshit that I, a literal computer science PhD, have to put up with to somewhat avoid the more pernicious parts of the monopoly, is insane. Critical and even mandatory parts of my life (banking, government services) require me to engage with Google in one way or another.

Non-technical people have absolutely no hope.


I actually put up with Lineage for many years before it got so bad that I had to switch to an iPhone. Before 2020 many apps still worked fine with it. All my computers are Linux and I self host everything, but I just couldn't risk an account lockout or a broken bank app.

Honestly I wish there was a legal requirement for those services to provide full access via a relatively open platform (like a web site), not a mobile app.


Apple and Google censorship of apps is not getting nearly as much attention and publicity as it deserves.


Funny enough I got a hit of nostalgia seeing this as I learned A* for a school project many years ago using this exact same tutorial.

