

Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.
Be very wary of what apps you install, and in fact, try to only use FOSS.
Yes, it would. Those basically create sandboxes.
So the first line says that it’s for older versions of Android before 2022. But the next paragraph says:
For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.
So this may still be possible; however, sandboxing, especially GrapheneOS’ implementation, likely mostly, if not entirely, reduces this risk.
I know it’s definitely personal preference, but I’ve never seen the appeal in folding phones. I’ve never needed a bigger screen, and I feel like I would break it very quickly. In fact, if I could get a smaller screen than the standard 9 pro, I would.
did you not read your link?
I’m not sure what you mean.
The reason I’m not switching yet, is that there’s no federated auth. If they had that, I’d switch in a heartbeat.
I mean, that’s always kinda been the case. Plex uses their own infrastructure to do remote streaming, and that requires that they know your IP address, and therefore your ISP. I don’t think this really changes much in regard to cops. If that’s your concern, definitely don’t use Plex.
Oh yeah, I totally forgot about that - mine does do this, and the LED is right in the bottom middle, and it’s super bright.
It probably doesn’t need to be - but it was required to set up. Before I had my shield, I allowed local connections for local streaming, but you are correct, it’s probably no longer necessary.
Ah, yeah, OpenBSD would do it. You’d basically be limited to running it in a VM which would have severe overhead. For Linux based stuff, though, it has minimal overhead.
Interesting, what OS are you running? I’ve never run into one that it doesn’t work on so that’s surprising.
I would counter that disadvantage with this: due to testing constraints, Docker containers are usually updated more quickly when there’s a 0 day, and you don’t have to patch your entire OS if one single container has one. It reduces operator overhead greatly, because that’s what it’s designed to do. Even if one of your containers has a vulnerability, because it’s a container, it won’t necessarily affect your entire system, depending on the vulnerability.
I suppose that it adds technical overhead (not sure I would call it severe though), but in my opinion the benefit of Docker is how easy it is to spin up a new service, and how easy it is to update and maintain the containers.
So, I use regex to block all Roku domains on my network via Pi-hole:
(ads|logs|cloudservices|image|images|web|prod.mobile|wwwimg|captive|customer-feedbacks|amoeba|amoeba2|sr|giga.sb|cs).roku(.admeasurement)*.com$
Then, possibly overkill due to the above, I used OPNsense firewall rules to block all traffic from my Roku TV. I think I just got fed up with seeing Roku spam in my Pi-hole, as the above regex seems to completely “break” Roku.
After that, I set up FLauncher (following the method #2 instructions on the GitLab page) on my Shield. This makes it so I only see the Roku launcher for a few seconds while the Shield starts up, and then I’m dropped straight into FLauncher. I chose FLauncher because it’s very simple and barebones, so you might want to explore other options if you want more advanced features. I don’t really need those features since I’m usually using an app anyway.
Note that I did all of that after the TV was configured and set up, YMMV if it’s a brand new TV as it may need to call home to do the initial setup.
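Added example, not part of the comment above: a quick audit of what the posted blocklist regex matches, compared with a stricter variant that escapes the dots and anchors the label. The `STRICT` pattern, the sample hostnames and the use of Python's `re` to approximate the resolver's regex matching are all assumptions made for illustration.

```python
import re

# Pattern exactly as posted in the comment above: dots unescaped, no leading anchor.
POSTED = (r"(ads|logs|cloudservices|image|images|web|prod.mobile|wwwimg|captive|"
          r"customer-feedbacks|amoeba|amoeba2|sr|giga.sb|cs)"
          r".roku(.admeasurement)*.com$")

# Hypothetical stricter variant (an assumption, not from the comment): literal
# dots, and the listed label must start the name or follow a dot.
STRICT = (r"(^|\.)(ads|logs|cloudservices|image|images|web|prod\.mobile|wwwimg|"
          r"captive|customer-feedbacks|amoeba|amoeba2|sr|giga\.sb|cs)"
          r"\.roku(\.admeasurement)*\.com$")

# Constructed hostnames for illustration; not taken from real query logs.
SAMPLES = [
    "logs.roku.com",
    "scribe.logs.roku.com",
    "ads.roku.admeasurement.com",
    "www.roku.com",
    "docs.roku.com",
    "downloads.roku.com",
    "prodxmobile.roku.com",
    "logs.roku.com.example.net",
]

def blocked(pattern, domain):
    """Unanchored search, the way a regex blocklist entry is applied to a name."""
    return re.search(pattern, domain.lower()) is not None

def compare(domains):
    """Map each domain to (blocked by POSTED, blocked by STRICT)."""
    return {d: (blocked(POSTED, d), blocked(STRICT, d)) for d in domains}

def only_posted(domains):
    """Names caught by the posted pattern but not by the stricter one."""
    return [d for d, (p, s) in compare(domains).items() if p and not s]

if __name__ == "__main__":
    for name, (p, s) in compare(SAMPLES).items():
        print(f"{name:32} posted={p!s:5} strict={s}")
    print("over-matched:", only_posted(SAMPLES))
```

Names listed as over-matched are caught only because `.` matches any character or because a listed label such as `cs` or `ads` is the tail of a longer label.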
Roku is bad, I have one older Roku “smart” TV that I just block from accessing the internet entirely, and use a Shield with a custom launcher instead.
You can host remote files via SFTP + cloudflared (or another reverse tunnel provider) without opening any ports. Then you use a file manager to add a network share with your SFTP information.
For the calendar, WebDAV is probably your best bet, which also works with reverse tunneling. You can also use WebDAV in place of SFTP if you prefer to only have one (or two with a reverse tunnel) service configured. Nextcloud is a great option since it has WebDAV and file management built in.
I would use Docker to do it all, but there is a learning curve associated with setting all of this up in a secure way (which is what the reverse tunnel helps with).
Good thing I stopped going there after their greedy asses raised prices more than any other fast food establishment. Fuck them and their shitty food, I haven’t missed it one bit.
Thanks for the tips! I’ll give it a shot.
Do they stay shiny/lucky?
Sure, but I didn’t mean to say that FOSS couldn’t be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it’s more difficult for it to be hidden.