1. 2

    Various things:

    • I’d like to grow my Go knowledge to a level where I can safely say I know it well enough to build production-level software
    • same thing, but for Android development (mainly Java)
    • again, same thing but for C and ARM TrustZone :-)
    • learn the basics of calculus (which I’m already doing because of university)
    • get to play to a reasonable speed a couple “guitar-hard” songs like Overture 1928 or Pariah
    • learn to write some more about what I do (I have a blog to resurrect!)
    1. 3

      Do you really need to have root privileges on your Google-free phones?

      I would like to keep my phone as much secure as possible, and having root privileges enabled doesn’t seem like a smart choice if you have security in mind too.

      1. 7

        Yes. I’m the owner of the hardware, I want to be able to do whatever I want with it, including the things that not having root would prevent me from doing.

        1. 3

          The problem with this idea is that you are also allowing the possibility for any applications you install to also use root. Some ‘root access management’ apps will prompt you, etc, but then you’re just depending on them to not have any issues that would allow an app to circumvent their checks.

          I am the owner of my hardware, and I choose to not allow applications to assume more permissions than the OS was designed to allow them to have.

          1. 7

            That just sounds like an argument for improving those components instead of giving up control altogether.

            1. 8

              Not at all what I intended. I’m merely pointing out the downfall in enabling root access on current mobile operating systems. I would use root in an OS which I could control, sadly there’s no longer any mobile device supporting one (RIP N900), but hopefully there will be a new one soon (Librem 5 cannot come fast enough).

              1. 2

                That makes sense.

                1. 2

                  My N900 is still kicking, but yeah it’s not my daily driver because browser reasons :P

                  Besides Librem5, we’re also waiting on the Pyra. The Gemini is here today running Debian as an alternate. Also running ubports on a Nexus 5 can get you close.

                  1. 1

                    Of course! There’s also postmarketOS.

              2. 3

                There used to be a lot of good use cases for rooting an Android phone, because there were a lot of reasonable things you needed root to do (run VPNs, block ads, change DNS settings, put background apps to sleep) and a lot of the culture of that time has persisted in the Android modding community. But over time, most of the things you really needed root for have been either added to the base system (doze, night mode) or made available to a user-space API (VPNs) or developer settings. With Android 7 or later, the only thing you really would need root for is micro-tweaking kernel settings, and that’s really only useful when you’re trying to get the most out of older hardware. Now it’s worth the little bit of extra security to leave your phone/tablet unrooted.

                1. 4

                  There used to be a lot of good use cases for rooting an Android phone

                  If you’re using a carrier-branded phone there are still reasons:

                  • Debloating/disabling undesirable preinstalled apps.
                  • Fine-grained app permissioning (xposed framework).
                  • App hibernation and background running control.
                  • DNS choice and filtering.
                  • Ad Blocking.
                  • Enabling hotspot support (varies with carrier).
                  1. 4

                    Some of those (DNS and ad blocking) no longer require root.

                    If you are able to unlock the bootloader and run something like LineageOS, then you effectively resolve the remaining issues without rooting the device.

                    1. 1

                      Oof. Yeah, though to be totally pedantic, you could install an unrooted LineageOS on that phone (if it, or similar, is available), and get most of those. Blokada gives you DNS choice and filtering and ad blocking, and it doesn’t require root (it uses the VPN framework).

                      1. 1

                        Blokada

                        I’ll give that try. I found DNS66 to cause long hangs and random lookup failures and, of course, AdAway requires root.

              3. 4

                The ‘root access’ moniker is a bit of a misnomer as it makes many people seem to think disabling it disables the root account. This is of course not what happens, Android being *nix underneath it by definition has a root account which is used to boot the device and run a host of services. Any bugs which would give rise to local root access still apply no matter whether a working su is installed or not. If the installed su app is working as it should the attack surface is only raised by so much as the user remains vigilant over granting root to specific apps. Any app which does get root can abuse it so this privilege should only be bestowed upon those bits which are ’ known to be trustworthy’. In other words, the security of a ‘rooted’ device depends for a large part on the judiciousness by which the user grants or denies root access, just like the security of a firearm depends on the hand wielding it.

                1. 1

                  depends for a large part on the judiciousness by which the user grants or denies root access

                  Not entirely. It also depends extremely heavily on the mechanism used to manage root access (e.g. SuperSu). If that application has issues that can be exploited to go around the user intervention, then all bets are off. Suddenly your firearm is capable of firing without you touching it.

                  1. 1

                    If the installed su app is working as it should the attack surface is only raised by so much as the user remains vigilant over granting root to specific apps.

                    1. 1

                      Ok, but my point is that’s a mighty big assumption to make.

                2. 3

                  Like any decent system, every root requests are accepted (or rejected) by the user.

                  It’s not like you installed an app from the store and it uses root without you knowing.

                  1. 3

                    You’re assuming the root manager software (like Magisk, or SuperSU back in the days) has no security issues whatsoever.

                    Mind you, I’m not saying that commonly used root managers are compromised, but I believe that the current status of Android rooting management is inherently insecure because we rely on software not always audited. I prefer having a custom ROM (maybe even with a custom boot chain of trust!) without root rather than leaving such a wide attack surface available for an hypothetical rogue party.

                  2. 1

                    because if someone stole your phone and guessed your root password they could install whatever they want on it?

                    1. 1

                      Is this an argument against my thought? If yes could you please elaborate more? I’m curious about your point of view, and I’m afraid my (lacking) knowledge of English didn’t help me understanding your reply.

                      1. 2

                        i’m confirming how having root access hurts security. which attacks can be carried out when your phone is rooted, which couldn’t be carried out if it weren’t rooted?

                        1. 3

                          An app with root access can read the private data of other apps, and can generally disregard the permissions system, so that’s two major classes of things there.

                          1. 1

                            but the user would be able to decide whether to run a program as root, wouldn’t they?

                          2. 3

                            One could trick the user into installing an app that bypasses root managers and gets root permissions directly. From there, the same rogue app could steal basically everything from the user’s phone without even noticing anything.

                            1. 1

                              why would the app be run as root? on linux i can build and run programs as my user account without giving the programs root permissions. i install programs with sudo, but then i’m running the package manager which is code i trust, not the programs i’m installing which i trust less. after installing a program, i still have to explicitly run it as root. does android work differently?

                    1. 1

                      Very interesting!

                      Just a typo, in Part 8: “proccess” :)

                      1. 4

                        No, but I’d like to have a working CLI mail client, even just to check and mark as read.

                        I use multiple accounts (university and Gmail), how do neomutt works with this kind of workload?

                        Do I have to setup a MTA?

                        Since most email are (sadly) html, how could I read these?

                        1. 2

                          I normally use Mutt with multiple accounts. There are several ways you can set that up, and a lot of them are decently documented. I use something very similar to this.

                          It’s not necessary to run your own MTA; I use Mutt’s built-in SMTP support with multiple GMail accounts with no issues.

                          Most of the people and services I communicate with send a plaintext version of the email alongside the HTML version, so I have a lot less HTML trouble than expected. However, for HTML-only email, the best option I could find is to save the HTML file to the disk and use a web browser to read it. It should be fairly easy to create a macro for that in Mutt.

                          1. 4

                            I have a .mailcap file setup with the below. It does a pretty good job letting me view what I need from HTML emails. text/html; lynx -dump %s; copiousoutput; nametemplate=%s.html

                            1. 1

                              Thank you for your the inputs, I’ll check out (neo) mutt as soon as possible.

                          1. 15

                            I want to reiterate - please tell the Go team if you can share concrete problems, or if you found something you could do but was too hard to do. A lot of Go team members work at Google which has a ton of different processes and specialized tools for everything and might not understand how you are using or trying to use Go.

                            If you don’t want to share publicly you can email me privately - kevin@burke.services

                            1. 4

                              Thank you for the hard work, it’s a beautiful programming language!

                              1. 2

                                I want to use Go also on embedded devices where I work, but the executable sizes are currently too large. For example, 10MB is too much for a small utility, but 1MB would be passable. Unless there are some tricks I have missed (I have tried stripping the ELF files, ++), a request for having a build flag for generating tiny executables is in the pile.

                                1. 1

                                  You could dynamically link your binaries, thus reducing the binary size a lot https://stackoverflow.com/a/30488222

                                  1. 1

                                    That’s a good tip, I will try that. What I was originally thinking about was something similar to GCC’s -Os for size optimization, but for Go. Perhaps that’s already possible?

                                    1. 1

                                      As far as I remember, the go compiler already uses and enables a handful of binary size optimization by itself.

                              1. 7
                                1. 2

                                  How does it perform?

                                  I haven’t thought about it, but if I’m stuck on Windows, this is my preferred player as well.

                                  1. 3

                                    It worked just fine on my 2005-spec machine in 2005, and it doesn’t look like it’s had much feature creep or a disastrous acquisition since then.

                                    1. 3

                                      Foobar2000 Is the best music player ever written, with support for themes and plugins.

                                      It performs great even on low-end hardware, and can output to ASIO in bit-perfect mode.

                                      I’ve been a Linux user for 10 years now, and Foobar2000 Is the only software which hasn’t a comparable alternative.

                                      I you’re lucky enough, searching for “what.cd foobar” will lead you to the best theme/plugin combo ever composed.

                                      1. 2

                                        HN recommended DeaDBeeF as an alternative for Linux http://deadbeef.sourceforge.net/

                                    2. 1

                                      I hope the story on configuring this has gotten better. Many years ago it seemed like a total pain to set up, even if it is super fast and efficient.

                                    1. 1

                                      This week I’m working on a personal project, which will eventually become my first production-ready, commercial one; finally getting some design documents and mockups ready for the next iteration: sequence diagrams!

                                      I know this is not the new, agile way, but I find these kind of documents (especially sequence diagrams) very helpful while designing an application or a service.

                                      Plus, I have to wrap my head around NP vs P, and I need to read the new ;login: issue!

                                      1. 1

                                        What is the project?

                                      1. 1

                                        What’s a typical use case for a setup like this?

                                        1. 5

                                          Personal: I’m trying to get back in shape by following the (in)famous Couch-to-5K program; I’m at the end of the fourth week, and to be honest I’m feeling better than ever! I’m trying to write more on my blog, but finding something interesting to blab about is harder than ever nowadays.

                                          University: I’m studying Turing Machines and finite-state automata theory: very interesting arguments, but hard to understand. As a project for another exam, me and a colleague wrote a small paper about differences in approach and performance between Go and C+MPI; turns out the good ol’ C approach to parallelism isn’t always the fastest option available (which was an unexpected conclusion, to be honest).

                                          Hacks: since the cryptocurrency mining world is getting interesting again, I might publish a service I’ve been working on for some time that could help miners to watch on their rigs more easily… But first, exams!

                                          1. 1

                                            Great job with your consistency on the C25k program. You’ve already cleared the hard part.