At the closing game of the Embedded Linux Conference Europe, Tim Bird announced the dates of the 2026 editions of the Embedded Linux Conference:

- May 18-20, 2026 in Minneapolis, Minnesota, for the North American edition

- October 7-9, 2026 in Prague, Czech Republic, for the European one.

How could it be any better for me, meeting some of the finest people in this industry in one of my favorite cities in Europe?

Save the dates!

Buenos días desde la Administración Pública.

De vuelta de vacaciones. Y con ganas. Pero enseguida se pasan.

NVDA 2025.3 Beta 3 is now available for download and testing.

Changes introduced in Beta 3:
- Updates to translations
- Bug fix for SAPI 5 where NVDA did not announce certain gestures

See the release announcement for full changes and download: nvaccess.org/post/nvda-2025-3b…

#NVDA #NVDAsr #ScreenReader #PreRelease #NewVersion #Update #Beta #testing #fix #fixes #Software

I'm thinking of helping a friend set up a podcast. She's moderately technical and I wouldn't mind doing some of the hosting work.

What's a good podcast hosting software? Ideally something that makes it easy for the owner to upload their mp3 or whatever?

This is the puzzle page from the September 1909 issue of "The Ladies' Home Journal". You have to guess what letter of the alphabet is represented by each of the nine pictures.

The answers make no sense to me. Can someone suggest an explanation?

Pierrefonds residents frustrated as no crews in sight after watermain breaks before long weekend

ctvnews.ca/montreal/article/pi…

The management of this city....

Pierrefonds residents frustrated as no crews in sight after watermain breaks before long weekend

A watermain break in Pierrefonds Friday has left a community with a sinking -- and familiar -- feeling.

^{Anastasia Dextrene (CTVNews)}

OK what the fuck. Just got the following message. Dear Mrs Ramirez,

This is Special Agent Eddie, contacting you on behalf of the Federal Bureau of Investigation (FBI).

You have been reported in connection with an alleged incident involving the unauthorized acquisition of funds totaling $5,000.00 USD from an individual identified as Mr. Michael.Based on the preliminary information received, we are treating this matter with the seriousness it warrants.

At this time, we are in the process of conducting a formal investigation. You are advised that failure to cooperate or provide clarification regarding this matter may result in legal action, including but not limited to criminal charges, depending on the outcome of our findings. I have no idea whether I should be concerned or not. Because I know for a fact that I didn't steal $5000.

A IL de vez em quando acerta. É raro, é muito, muito raro, mas lá de onde a onde, naquela do relógio parado dar as horas certas duas vezes por dia, lá atingem o alvo.

ciberlandia.pt/@d3/11512447043…

So I have to build a team file access solution, and I wish I could stop myself from thinking that there has to be a more effective way to do this than unix-style permissions and user/group membership scheme.
And of course, there are many solutions. Thing is, this is a long-running, legacy system that is the backbone of an online business. Its not simply easy, nor quick for one person to transition an entire business that must be online and operational to an entirely new solution.
So this thing runs on a Debian 12 LAMP-stack server, with front-end Nginx proxies from a couple other boxes (those aren't all that important to this quandry though).
Team members will access the file store via SFTP, and at the moment, are using linux accounts for access. Perhaps there's a file solution that could provide SFTP access without requiring system level access. I should probably at the bare minimum investigate that.

The content is owned by a user, of course. This user is a member of its own group, as is standard.
So I'd have to create a team group, create user accounts for all team members, and add them to the team group.
I would then need to set directory and file permissions on the content so that the owner and group could do anything, and the rest of the world could only read.
It seems such as simple solution now that I've written that down, but for some reason, my brain is blocked on actually proceeding to do the work. Something about the whole thing fills me with unease. Clearly, I need to get over this unease and actually do something, I'd just like to figure out how to do that, LOL.

Did you know there's a German non profit association (Verein) behind #NewPipe?

[1]You can donate to it, or even join the association.

And also, did you know they are looking for two freelancers for android development and sysadmin things?

[2][1] newpipe-ev.de/about.html
[2] newpipe-ev.de/opportunities.ht…

This is what pull requests used to look like.

(The last sentence is particularly remarkable!)

бггггг

---

Продавцы техники определились с тем, как продавать смартфоны iPhone после вступления в силу с 1 сентября закона об обязательной предустановке российского магазина приложений RuStore. Apple отказалась следовать специально написанному под нее документу (по крайней мере, пока). В итоге с 1 сентября российская официальная розница начнет торговать «бракованными» айфонами. Предупреждения о «недостатке» (отсутствие RuStore) появилось на сайтах крупнейших российских торговых сетей электроникой. При этом условия продажи смартфонов не изменятся, сообщили «Агентству» в поддержке нескольких магазинов.

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 14 updated and 1 added apps:

* Umihi Music: a lightweight Material YouTube Music player 🛡️

RB Status: 700 apps (53.7%)

1 #Magisk module has been updated at apt.izzysoft.de/magisk

Enjoy your #free #Android #apps with the #IzzyOnDroid repo

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).

^{IzzyOnDroid App Repo}

Heute ist zwar noch nicht der 15. Dezember, aber wir haben trotzdem den neuen Fahrplan für die #mrmcd25 für euch 🗓️

talks.mrmcd.net/2025/schedule/

Pro tip: si pones una casa a la venta, procura que los cuadros que tu abuelito el de las SS se trajo cuando llegó a #Argentina🇦🇷 no aparezcan en las fotos

#inmobiliaria #noticias
elpais.com/argentina/2025-08-2…

Una casa en venta y un desliz: así se ubicó en Argentina una pintura robada por los nazis

La hija de un exfuncionario del nazismo publicó un aviso para vender su propiedad y en las fotos se detectó un cuadro desaparecido hace ocho décadas. La justicia local allanó el inmueble

^{Javier Lorca (Ediciones EL PAÍS S.L.)}

Sunday.

A productive but thoroughly exhausting weekend away supporting the good wife at work. her colleagues are lovely people and the members of the charity she works for all had a good time. I ended up at dinner with one of my former pupils, so it was good to catch up and say hello, even if by proxy, to a few old friends. Getting to that stage was a right fuss, though: we own 3 types of printer and I had to carry each one out of the office to the house for one reason or another on Friday (and the Braille one is a good 12 kilos). We were working around the plumber installing new radiators, so you'd print something out and then have to blow the dust off to get anything done.
The hotel turned out not to do place settings, so not only did we have to fill up the table favours for each family, but print seating charts on top. The available eyes qualified secretarialy about 45 years ago, so the process was .... convoluted.

Still, home now, sorting out some grocery for tomorrow and another week of the pregnancy ticks away...

If trains are the greener option, why are we basically being punished for choosing them?

The difference in trains vs planes ticket prices isn’t a coincidence, it’s the result of a transport system that rewards pollution.

Learn more: act.gp/460kBvh

I sent an email to a bunch of family members late Nov / early Dec. I know I did not hallucinate this; I had follow-ups with several people.

The message appears to be gone. Just ceased to exist. Can't find it anywhere. So weird.

Will try digging through my backups...

Come explore a large random selection of forever open source #TTRPG resources, from games to SRDs to art and more!

thoughtpunks.com/open-source-t…

#OpenSource #TabletopGames #IndieGames

Open Source TTRPG Resources - Thought Punks

Here's a collection of forever open licensed tabletop roleplaying games and resources. Borrowed from and inspired by the Forever Open Source RPG game jam

^{RevCasey (Thought Punks)}

F-Droid, hosted on Codeberg, Flathub

#catima and Energize on the top.

@SylvieLorxu

Is it possible to allow sideloading *and* keep users safe?

shkspr.mobi/blog/2025/08/is-it…

In which I attempt to be pragmatic.

Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.

Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store⁰.

I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.

There are, I think, two small cracks in that argument.

The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".

Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."

The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.

So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.

But that's not the only thing Google is proposing. Let's look at their announcement:

We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.

A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:

No rational user would install a purported battery app with that scary list of permissions, right? Wrong!

We know that users don't read and they especially don't read security warnings.

There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.

Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.

It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.

Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.

Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.

And people still click on.

Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:

This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.

…

September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.

The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.

Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).

There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.

Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.

It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.

Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.

Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.

Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.

Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.

And Yet…

This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!

Fuck that!

I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.

I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.

Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.

Going back to their statement:

To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.

This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.

They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!

I hate it.

I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.

Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."

But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.

So What's The Solution?

I've tried to be pragmatic, but there's something of a dilemma here.

1. Users should be free to run whatever code they like.
2. Vulnerable members of society should be protected from scams.

Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?

Do we say that the right to run free software is more important than granny being protected from scammers?

Do we pour billions into educating users not to click "yes" to every prompt they see?

Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?

Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?

Do we chase down and punish everyone who releases a scam app?

Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?

I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.

1. 
   

   Post by @Gargron
   View on Mastodon

   
   ↩︎

#android #google #rant #scam

Eugen Rochko

2025-08-26 04:30:36

"Sideloading" is the rentseeker word for "being able to run software of your choosing on a computing device you purchased". There is no reasonable case for an operating system developer having a say over what programs you run on your hardware.

#Android #Google

The #BSDCafe #Brew instance has been upgraded to Forgejo 11.0.4

#BSDCafeAnnouncements #BSDCafeUpdates