I do see remote attestation as a grave threat not just to mobile phones, but to general purpose computing as a whole (well, aside of offline use cases perhaps). It creeps in slowly, but I'm hopeful we can still fight it off.
Only the very cheapest phones still have eMMC. I bought a Pixel phone second hand last year and it shows the wear level of the storage somewhere in the settings. I forgot the number but it was so low, extrapolation got me to something crazy like maybe 20 or 50 years of expected use at that rate
That consumer rate isn't datacentre use, but not every task is write-to-persistent-storage intensive. You can also replace the sdcard and write to that instead if this is a worry (that's what I've been doing on my phones since I use them quite intensively; maybe that's overkill nowadays idk)
There isn't, but part of Google's requirements for using the trademark "Android" is iirc shipping a locked bootloader. If you also want to provide your users with the Play Store (many people will perceive the device as unusable without that), you also can't ship it with a su binary or something. It needs to come in a locked state where people only get user-level access, no permissions to read the data stored on there (outside of Downloads and DCIM and the like), no permissions to use TCP port 22, etc. Like the level of access many employers provide to non-tech personell as a device they don't own. As to why manufacturers are less and less often adding support for unlocking the hardware, I can only make assumptions
Google is requiring it be closed and leaving the unlock entirely optional. That's a choice
Right, because the android security model considers app developers independent entities with security privileges equal to those of the device owner (in that both parties need to authorize access for things to work, the device owner doesn't have more privileges than the application developer when it comes to the application). Those mechanisms are necessary for that security model to work. If you want to operate with a different security model that's fine, but you just need to use something other than Android. The bootloader situation being optional is Google not getting overly involved in the device maker's business outside of the scope they should have influence on. And they set the precedent via Pixel for how they think others should do it.
I don't have time for an elaborate sourced answer but in short, yes, the efficiency gains of modern devices is almost negligible compared to the CO2e of producing a new device at current device lifespans. I can't remember if you would have to use a device for 15 or 25 years before upgrading is better than continuing to use it, but I thought it was 25
Edit: yes, 25. Found my go-to reference for this quickly after all
> The report about the cost of planned obsolescence by the European Environmental Bureau [7] makes the scale of the problem very clear. For laptops and similar computers, manufacturing, distribution and disposal account for 52% of their Global Warming Potential (i.e. the amount of CO₂-equivalent emissions caused). For mobile phones, this is 72%. The report calculates that the lifetime of these devices should be at least 25 years to limit their Global Warming Potential. —https://wimvanderbauwhede.codeberg.page/articles/frugal-comp...
The carbon cost to produce or use a new phone isn’t relevant here.
The important question is whether repurposing an already-existing phone to act as a server (including physically adapting the phone and producing whatever extra hardware is required to do that) is less carbon-costly than producing and using a new designed-for-the-purpose server.
Some fraction of the ones that use the phone for password storage and banking. The latter seems to be nearly everyone, the former is very likely if there's a techy in their lives but since maybe 5-7 years it also seems to be becoming quite mainstream
> Approximately nobody is throwing away phones because the OEM stopped providing security patches.
I thought that, but a surprising number of people think that no support means that their device becomes vulnerable on the very next day. Not all of them act upon it but that seems to be the understanding of people who know what a security update is (not my grandma, but my mom for example) but aren't real techies or just not in this area. And it's not like these people are installing non-OEM patches! Nice as that would be...
Some time before and during covid, I feel like security update awareness became a lot more mainstream. Maybe because there's not much else to talk about in smartphones anymore anyway, so you shift from "ooh this fancy new one has a fingerprint reader in the power button and its notification LED on the back!" to "I don't want a new one; which one can I use for the most amount of years to avoid this hassle"
Probably also a culture thing. I guess most people in low- and middle-income countries have other worries; I'm speaking from a northwestern european viewpoint
'only'? A web developer did not cost 12*30=360$ an hour in 2015, and that's assuming that going "ugh, whatever. I'll just hide the problem with overflow:hidden instead of finding the underlying cause" takes him or her 2 minutes and isn't already the dev's initial reaction
Another way of looking at it is using as much electricity as a normal person in a high-income country uses across ~3 days to add overflow:hidden in the end. Of course, the path to get there did a lot more, but you don't know that beforehand if you don't take a quick peek and make an architectural decision about what the solution should be that gets implemented
It'd be $8.52 in 2015 dollars, but certainly they are the ones who mentioned the $12 amount not you, so I'll put that aside.
Far more importantly, you would not get billed for 2 minutes of work for this if you paid a developer to fix it. At best, half hour increments for the fix. But more likely, for the full hour. Also, in this comparison, the consultant is on call every day, morning, afternoon, evening, for whatever you wanted and will jump on the job immediately.
Did OP get called to fix this bug and bill in half-hour increments for it? I was assuming the scenario where it's a hired developer doing their thing as part of their regular workday (they write "I noticed a glitch"), writing a new feature and noticing the problem as they look at what they made
In an expensive consultant scenario where this is the only thing they need to do that day for this customer, yeah sure if you can ask a computer to replace a whole billing cycle then that is cheaper, at least when ignoring the climate externalities that come due later (idk how to price that in)
...and won't mind if you change your mind. And again. And again. And again for as long as you care to iterate your design, experiment with a business user over your shoulder, etc. etc. etc. People routinely avoid throwing away work because they get emotionally attached to it, even if they get paid by the hour. LLMs just do as they are told, and thats worth a lot.
I'm a fool for thinking that MiMo, in the context of Xiaomi who makes WiFi equipment (smartphones and routers), would be about network technology to manage parallel data streams (multiple inputs, multiple outputs https://en.wikipedia.org/wiki/MIMO)
Missing the zeroth option in the "doing Fn right" suggestion list: don't use Fn.
I have a keyboard here with a handful of extra keys at the top which do all these functions that the author is showing as Fn functions on their keyboard. Isn't that simply the right option?
Also on laptops: yes, I want to change the brightness regularly, but also I use the function keys in applications that support them. There's already like 100 keys on there! How much do the extra ones cost? I don't buy the cheapest laptops anyway, I'll buy what I think will work the best. No manufacturer offers this option though. Even Framework has only half-height escape and function keys shared with Fn triggers :(
I tend to go for keyboards that don't need all of that messing about with the Fn key, too.
By the way: It's a lot more than 100 keys. People tend to accept that because they have what is called a '105-key' keyboard that it actually has 105 keys. One of my '105-key' keyboards has 124 physical keys. For approaching a decade now, I've wanted a 127-key keyboard from Brazil. Formally, that's a '107-key' keyboard.
For laptops the primary concern will be space rather than cost. With everyone trying to be as thin as possible there isn't much empty space and a more keys need a larger keyboard which also takes more internal space.
reply