Wafrn might be worth a look. I’ve been meaning to try it myself.

Mastodon’s character limit is pretty easy to change when self-hosting, but it has other limitations like a lack of even basic formatting and images inline in posts. I think that’s true of several of the others as well.

There is a risk Google could tamper with the app for specific users if they’re installing it from Google Play. I think it’s likely security researchers would discover that if it was widespread, but there’s a chance Google could do it undetected if they targeted it selectively enough.

People who are concerned about this can download the APK directly from Signal and check its signature before installation.

Signal uses reproducible builds for its Android client, and I think for desktop as well. That means it’s possible to verify that a particular Signal package is built from the open source Signal codebase. I don’t have to trust Signal because I can check or build it myself.

If I don’t have extreme security needs, I don’t even have to check. Signal has a high enough profile that I can be confident other people have checked, likely many other people who are more skilled at auditing cryptographic code than I am.

Trusting the server isn’t necessary because the encryption is applied by the sender’s client and removed by the recipient’s client.

• Reasonable: prevent downgrades when the bootloader is locked
• Sketchy: prevent downgrades when the bootloader is unlocked
• Unhinged: hard-brick the device when a downgrade is attempted

I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all cones to like $42.99

Porkbun charges $11.08 for a .com with whois privacy. $30/year for email hosting might be worth it if you’re getting very good service, but I think you’re overpaying.

$11.08 for a .com. Source: just renewed.

A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.

The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?

I wonder what an alternate history where Google chose not to become evil would look like.

What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.

Samsung, Huawei, Microsoft, and LG tried similar ideas and none got much traction.

I’m not sure it’s actually a good idea even now that phones have enough CPU and RAM for an adequate desktop experience. It’s certainly not a good idea running Android as we know it, where apps are data silos and have UIs that don’t cleanly transition from the palmtop experience to the desktop experience.

You can do that today with a Linux tablet and Waydroid. It’s more like running the Android apps in a VM than something really well integrated with the Linux environment, but perfect is the enemy of good.

I got my first tablet this year after a long time as a skeptic. It runs Arch, BTW.

Most of the time it has a keyboard attached and I use it like a laptop, but it’s nice to be able to watch movies on flights during taxi, takeoff, and landing because tablets and phones are allowed, not laptops.

Gnome is really nice on a touchscreen aside from the terrible onscreen keyboard. KDE is a little rougher, but its onscreen keyboard is decent.

I remember making a note to look into it several times, and thinking I should buy one (exactly one) when it was about $600. If I had, I imagine I would have sold at 10x rather than holding until 100x or its peak at 200x.

I actually did think it or a successor would become important as a consumer payment method. I was wrong there.

I remember playing with a Motorola Atrix in a store. It seemed like a really cool idea.

I thought people would learn how to use computers.

It seemed as if most of the millennial generation in wealthy countries did learn to some degree and I expected it to be even more true for younger generations. Those more sophisticated users would enable more sophisticated and flexible applications. Technology would empower individuals while weakening corporations and governments.

Instead, the most reliable recipe for popularizing tech is to dumb it down. Millennials represent a peak of digital literacy (in wealthy countries) and those younger tend to have weaker technical skills.

I hold the (possibly mistaken) belief that someone who can program everything from a web browser to a screensaver can, if they so choose, be a good sysadmin.

I also believe programmers usually don’t choose to be good sysadmins, viewing such work as an annoyance to spend as little effort on as they can get away with, which is what it looks like jwz has done here. Someone with his experience should be self-aware enough to understand who is to blame when that’s what they’re doing.

I wonder how many people have company email addresses there.

It’s a bar/nightclub. Most employees at bars don’t use email as part of their work. It would be unusual (though maybe on-brand for jwz) for bartenders to have company email addresses, for example.

Given his background, I’m certain he can do a good job of being his own IT admin if he wants to. He seems to want some of the benefits of that while having Google do the parts he doesn’t like.

Google, on the other hand seems to want to drop features that I think it intended to encourage people to migrate from ISP email accounts to Gmail 20 years ago and now sees as cruft and/or security concerns.

He does have his own mail server according to the post. He doesn’t want to store the mail long-term, filter spam, host a web mail client, or support employees setting up native mail clients.

The whole @gmail.com thing also opens up potential regulatory issues depending on the details of the business.

It’s a bar.

I’m probably missing some big detail, but I don’t get why he has his current setup to begin with.

The post makes it sound like he has a bunch of automation he likely wrote himself on incoming mail, but he wants Google to do some messy parts (spam filtering, archiving, providing a nice client). Google has no reason to want to continue doing that for him and the handful of other people doing something similar.