Yeah and this still wouldn’t cover something like xz-utils because I would only be aware of end user projects and not the libraries behind them. I’d have to draw up entire dependency graphs.

Now run an emulator within an emulator for extra acceleration.

If you don’t already, use version control (git or otherwise) and try to write useful messages for yourself. 99% of the time, you won’t need them, but you’ll be thankful that 1% of the time. I’ve seen database engineers hack something together without version control and, honestly, they’d have looked far more professional if we could see recent changes when something goes wrong. It’s also great to be able to revert back to a known good state.

Also, consider writing unit tests to prove your code does what you think it does. This is sometimes more useful for code you’ll use over and over, but you might find it helpful in complicated sections where your understanding isn’t great. Does the function output what it should or not? Start from some trivial cases and go from there.

Lastly, what’s the nature of the code? As a developer, I have to live with my decisions for years (unless I switch jobs.) I need it to be maintainable and reusable. I also need to demonstrate this consideration to colleagues. That makes classes and modules extremely useful. If you’re frequently writing throwaway code for one-off analyses, those concepts might not be useful for you at all. I’d then focus more on correctness (tests) and efficiency. You might find your analyses can be performed far quicker if you have good knowledge about data structures and algorithms and apply them well. I’ve personally reworked code written by coworkers to be 10x more efficient with clever usage of data structures. It might be a better use of your time than learning abstractions we use for large, long-term applications.

I really liked how coupling is described as “knowing.” I find we talk about “does x need to know about y?” more than we do “is x overly coupled to y?” because the former is a relatable indicator of the latter.

I was going to say that Cloudflare uses nginx but I found that’s no longer true.

F5 is American, they just had a Moscow office.

However the creator of nginx, Igor Sysoev, is Russian.

I use a UK keyboard, | is pretty easy to access and $ is Shift+4.

I’m guessing you mean more exotic keyboards. I’ve used a Swedish keyboard while helping a friend and I had to ask where every key was. You probably just learn the combinations eventually.

The biggest issue most people have with it is the dynamic DNS feature, which is automatically enabled and contacts their server to create the record. If you turn this off before connecting the router to the internet, you’re probably good.

The simplified DoH client also only allows either Cloudflare or NextDNS, which aren’t the most privacy-oriented options. Still, it’s possible to set up your own.

Otherwise I’ve never heard of anything major; the devices are cheap and reliable. I’ve had one running constantly for years and only had to reboot it manually once.

Nice to know, I was pretty sure my experience was purely anecdotal.

I can anecdotally say that the more right-leaning people I know are the most anti-FOSS but I’m not sure that applies generally.

Even that comes with a caveat: the people I know disagree with it philosophically, i.e. they can’t see how it can work for the maintainer and won’t donate, yet are as happy as anyone to use something for free.

Even some shops working with Windows Server are asking “wait, why are we paying for these licenses?”

Then it comes down to whether it’s cheaper to rewrite legacy applications or continue to pay for licenses.

Yeah and ARM servers are cheap. You can often get twice the processor cores and memory for the same price.

That doesn’t always map to twice the performance, though some benchmarks would suggest it could for certain applications.

Absoutely. I mostly use Firefox because I’m so familiar with it by now but the privacy is generally much better and it doesn’t have a massive monopoly on the web. I’m just a lot more comfortable with it.

When I have to, I use ungoogled-chromium on desktop and Bromite on mobile. I recommend those to anyone familiar with Chrome.

I’ve read not to bother with Decentraleyes. The dependencies are often out of date which mean you’ll hit 3rd party CDNs anyway. Unless its coverage is 100℅, it’s less than useless for privacy as the hit pattern to CDNs might even make you stand out.

Privacy Badger is also redundant if you have uBO.

These two form a “mesh VPN” which use direct encrypted links between any number of devices. You can think of it as forming a virtual LAN where you can communicate with devices, including open ports. A lot of them have clever tricks to overcome CG-NATs, which you seem to be struggling with.

Another option is to just rent a server. You can get massive storage space for less than some VPNs cost and you don’t need powerful hardware if your device supports the codecs you’re using. You could even get a cheapy VPS and reverse proxy to your Jellyfin server through an SSH tunnel or similar. Lots of options here.

Has anyone independently verified that this is the case for the FP4? It’s well known that the FP3 accepts testsigned ROMs, but all discussions regarding the FP4’s trusted keys points back to the same FP3-specific thread on Fairphone’s forum.

It seems so.

I don’t know, it does make flashing custom ROMs easier but I would rather have to install my own signing keys or signing keys for the ROM as this way renders a part of the device security completely useless. I’d at least like to have known when I bought it.

I’m not paranoid which is why I’m still using the device but these three points were each huge disappointments which make me not want to buy another Fairphone.

I think it’s a Qualcomm Snapdragon SM7225.

It’s not really about better, it’s more knowing what I’m getting. It’s not their fault that Qualcomm’s support is only 3 years (at the time) or that it takes them 10 months to develop support for the chosen SoC which eats into part of that 3 years. Still, I got the phone thinking I would have a reasonably secure device for 4-5 years which wasn’t entirely accurate.

I love the idea and, if you’re willing to sacrifice some security for sustainability, that’s great. I just want people to know what they’re getting into because I didn’t.

As the owner of a Fairphone 4, don’t get one.

It’s sold as a 5G phone but crashes intermittently if you actually enable 5G. I bought a 5G phone and I’m still on 4G. I wish I could say that’s the most of the problems, I could live with that.

The software support, in my opinion, is falsely advertised. You do get 5 years of kernel and Android updates but the system-on-chip updates, which aren’t made by Fairphone, end October of this year. That’s a whole important part of the updates which cease only 2 years into support.

Then, there’s the real kicker; the hardware root of trust has the (publicly available) AOSP test keys installed. This means anyone can sign and flash a verified ROM if they have access to the unlocked phone. That’s perhaps not too important for most people, but it screams incompetence and it means you cannot trust a second hand device.

When the SoC support is up, I’m moving to a Pixel. I’m done rolling the dice on Android phone manufacturers and I want a well implemented device.