It’s definitely not legal, especially if your school is funded by the public. That “free internet and power” is paid by someone, and if it’s the public, it’s kind of a dick move.

They can’t see what’s in your ssh or VPN tunnels necessarily, but they can usually see where the packets are originating from and going to. So if you’re say, accessing it from home directly to the server via VPN or SSH, if you’re not doing so using a full VPN service like Mull, they’ll be able to see the origin IP of your SSH or VPN handshakes, and thus your home IP.

Surely US investors won’t harvest data and/or enshittify the product!

Should have just fired the CEO instead, would’ve saved millions and the company in one go.

Just last week, they were posting job listings for DevOps engineers. Glad the CEO’s bullshit stopped me from even considering it.

Steamdeck is better in every way anyway.

Sure, but I didn’t mean to say that FOSS couldn’t be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it’s more difficult for it to be hidden.

Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.

Be very wary of what apps you install, and in fact, try to only use FOSS.

Yes, it would. Those basically create sandboxes.

So the first line says that it’s for older versions of android before 2022. But the next paragraph says:

For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

So this may still be possible, however sandboxing, especially GrapheneOS’ implementation likely mostly, if not entirely reduce this risk.

I know it’s definitely personal preference, but I’ve never seen the appeal in folding phones. I’ve never needed a bigger screen, and I feel like I would break it very quickly. In fact, if I could get a smaller screen than the standard 9 pro, I would.

did you not read your link?

I’m not sure what you mean.

The reason I’m not switching yet, is that there’s no federated auth. If they had that, I’d switch in a heartbeat.

I mean, that’s always kinda been the case. Plex uses their own infrastructure to do remote streaming, and that requires that they know your IP address, and therefore your ISP. I don’t think this really changes much in regard to cops. If that’s your concern, definitely don’t use Plex.

Oh yeah, I totally forgot about that - mine does do this, and the LED is right in the bottom middle, and it’s super bright.

It probably doesn’t need to be - but it was required to set up. Before I had my shield, I allowed local connections for local streaming, but you are correct, it’s probably no longer necessary.

Ah, yeah, OpenBSD would do it. You’d basically be limited to running it in a VM which would have severe overhead. For Linux based stuff, though, it has minimal overhead.

Interesting, what OS are you running? I’ve never ran into one that it doesn’t work on so that’s surprising.

I would counter that disadvantage with this: due to testing constraints, docker containers are usually updated more quickly when there’s a 0 day, and you don’t have to patch your entire OS if one single container has one. It reduces operator overhead greatly, because that’s what it’s designed to do. Even if one of your containers has a vulnerability, because it’s a container, it won’t necessarily affect your entire system, depending on the vulnerability.

I suppose that it adds technical overhead (not sure I would call it severe though), but in my opinion the benefit of docker is how easy it is to spin up a new service, and how easy it is to update and maintain the containers.

So, I use regex to block all Roku domains on my network via pihole:

(ads|logs|cloudservices|image|images|web|prod.mobile|wwwimg|captive|customer-feedbacks|amoeba|amoeba2|sr|giga.sb|cs).roku(.admeasurement)*.com$

Then, possibly overkill due to the above, I used OpnSense firewall rules to block all traffic from my Roku tv. I think I just got fed up with seeing Roku spam in my pihole, as the above regex seems to completely “break” Roku.

After that, I set up FLauncher (following the method #2 instructions on the gitlab page) on my shield. This makes it so I only see the Roku launcher for a few seconds while the shield starts up, and then I’m dropped straight into flauncher. I chose flauncher because it’s very simple and barebones, so you might want to explore other options if you want more advanced features. I don’t really need those features since I’m usually using an app anyway.

Note that I did all of that after the tv was configured and set up, YMMV if it’s a brand new tv as it may need to call home to do the initial set up.

Roku is bad, I have one older Roku ““smart”” tv that I just block from accessing the internet entirely, and use a shield with a custom launcher instead.