
Hmm:

“F-Droid is not hosted in just any data center where commodity hardware is managed by some unknown staff. We worked out a special arrangement so that this server is physically held by a long time contributor with a proven track record of securely hosting services. We can control it remotely, we know exactly where it is, and we know who has access.”


Yikes. They don't need a "special arrangement" for those requirements. This is the bare minimum at many professionally run colocation data centers. There is not a security requirement that can't be met by a data center -- being secure to customer requirements is a critical part of their business.

Maybe the person who wrote that is only familiar with web hosting services or colo-by-the-rack-unit type services where remote-hands services are more commonly relied on. But they don't need to use these services. They can easily get a locked cabinet (or even just a 1/4 cabinet) only they could access.


A super duper secure locked cabinet accessible only to them or anyone with a bolt cutter.

You want to host servers on your own hardware? Uh yikes. Let's unpack this. As a certified AWS Kubernetes professional time & money waster, I can say with authority that this goes against professional standards (?) and is therefore not a good look. Furthermore, I can confirm that this isn't it chief.


Colocation is when you use your own hardware. That's what the word means.

And you're not going to even get close to the cabinet in a data center with a set of bolt cutters. But even if you did, you brought the wrong tool, because they're not padlocked.


Bolt cutters will probably cut through the cabinet door or side if you can find a spot to get them started and you have a lot of time.

Otoh, maybe you've got a cabinet in a DC with very secure locks from Europe.... But all are keyed alike. Whoops.

A drill would be easier to bring in (especially if it just looks like a power screwdriver) and probably get in faster though. Drill around the locks/hinges until the door wiggles off.


I'd go with a drill -- but I'm not sure what possible threat vector would have access to the cabinet who would be able to get to the cabinet in any decent data center.

Because it's a secret, we don't know if it's mom's basement where the door doesn't really lock anyways, just pull it real hard, or if it's at Uncle Joey's with the compound and the man trap and laser sensors he bought at government auction through a buddy who really actually works at the CIA.

"F-Droid is not hosted in a data centre with proper procedures, access controls, and people whose jobs are on the line. Instead it's in some guy's bedroom."

Not reassuring.


It could just be a colo, there are still plenty of data centres around the globe that will sell you a space in a shared rack with a certain power density per U of space. The list of people who can access that shared locked rack is likely a known quantity with most such organisations and I know in the past we had some details of the people who were responsible for it.

For some reason I'm reading emphasis on "just any" in their statement "not hosted in just any data center". I feel like it's at a data center run by this long term contributor.

In some respects, having your entire reputation on the line matters just as much. And sure, someone might have a server cage in their residence, or maybe they run their own small business and it's there. But the vagueness is troubling, I agree.

A picture of the "living conditions" for the server would go a long way.


Depends on the threat model, which one is worse.

State actor? Gets into data centre, or has to break into a privately owned apartment.

Criminal/3rd party state intelligence service? Could get into both, at a risk or with blackmail, threats, or violence.

Dumb accidents? Well, all buildings can burn or have a power outage.


> State actor? Gets into data centre, or has to break into a privately owned apartment.

I don’t think a state actor would actually break in to either in this case, but if they did then breaking into the private apartment would be a dream come true. Breaking into a data center requires coordination and ensuring a lot of people with access and visibility stay quiet. Breaking into someone’s apartment means waiting until they’re away from the premises for a while and then going in.

Getting a warrant for a private residence also would likely give them access to all electronic devices there as no 3rd party is keeping billing records of which hardware is used for the service.

> Dumb accidents? Well, all buildings can burn or have a power outage.

Data centers are built with redundant network connectivity, backup power, and fire suppression. Accidents can happen at both, but that’s not the question. The question is their relative frequency, which is where the data center is far superior.


>Breaking into a data center requires coordination and ensuring a lot of people with access and visibility stay quiet

Or just a warrant and a phone call to set up remote access? In the UK under RIPA you might not even need a warrant. In USA you can probably bribe someone to get a National Security Letter issued.

Depending on the sympathies of the hosting company's management you might be able to get access with promises.

I dare say F-Droid trust their friends/colleagues more than they trust randos at a hosting company.

As an F-Droid user, I think I might too? It's a tough call.


> Data centers are built with redundant network connectivity, backup power, and fire suppression. [...] The question is their relative frequency, which is where the data center is far superior.

Well, I remember one incident where a 'professional' data center burned down including the backups.

https://en.wikipedia.org/wiki/OVHcloud#Incidents

I know no such incident for some basement hosting.

Doesn't mean much. I'm just a bit surprised so many people are worried because of the server location and no one had mentioned yet the quite outstanding OVH incident.


I'm not going to pretend datacenters are magical places immune to damage. I worked at a company where the 630 Third Street datacenter couldn't keep temperatures stable during a San Francisco heatwave and the Okex crypto exchange has experienced downtime because the Alibaba Zone C datacenter their matching engine is on experienced A/C failure. So it's not all magic, but if you didn't encounter home-lab failure it's because you did not sample the population appropriately.

https://www.reddit.com/r/homelab/comments/wvqxs7/my_homelab_...

I don't have a bone to pick here. If F-Droid wants to free-ball it I think that's fine. You can usually run things for max cheap by just sticking them on a residential Google Fiber line in one of the cheap power states and then just making sure your software can quickly be deployed elsewhere in times of outage. It's not a huge deal unless you need always-on.

But the arguments being made here are not correct.


Surely "Juan's home server in basement burns down" would make the headlines. You're totally right.

>I don’t think a state actor would actually break in to either in this case

Read Jabber.ru Hetzner accident: https://notes.valdikss.org.ru/jabber.ru-mitm/


> The question is their relative frequency, which is where the data center is far superior.

As a year long f-droid user I can't complain.


I think there are countless examples of worse failures by organisations that meet your criteria for far more valuable assets than some free apps.

The 'cloud' has come full circle

Eh...

The set of people who can maliciously modify it is the people who run f-droid, instead of the cloud provider and the people who run f-droid.

It'd be nice if we didn't have to trust the people who run f-droid, but given we do I see an argument that it's better for them to run the hardware so we only have to trust them and not someone else as well.


You actually do not have to trust the people who run f-droid for those apps whose maintainers enroll in reproducible builds and multi-party signing, which only f-droid supports unlike any alternatives.

That looks cool, which might just be the point of your comment, but I don't think it actually changes the argument here.

You still have to trust the app store to some extent. On first use, you're trusting f-droid to give you the copy of the app with appropriate signatures. Running in someone else's data-center still means you need to trust that data-center plus the people setting up the app store, instead of just the app store. It's just a breach of trust is less consequential since the attacker needs to catch the first install (of apps that even use that technology).


F-droid makes the most sense when shipped as the system appstore, along with pinned CA keychains as Calyxos did. Ideally f-droid was compiled from source and validated by the rom devs.

The F-droid app itself can then verify signatures from both third party developers and first party builds on an f-droid machine.

For all its faults (of which there are many) it is still a leaps and bounds better trust story than say Google Play. Developers can only publish code, and optional signatures, but not binaries.

Combine that with distributed reproducible builds with signed evidence validated by the app and you end up not having to trust anything but the f-droid app itself on your device.


None of this mitigates the fact that a priori you don't know if you're being served the same package manifest/packages as everyone else - and as such you don't know how many signatures any given package you are installing should have.

Yes, theoretically you can personally rebuild every package and check hashes or whatever, but that's preventative steps that no reasonable threat model assumes you are doing.
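
The signature-count problem raised in the comment above, as an added example that is not part of any comment and is not F-Droid's code: a client that takes the required number of attestations from the served manifest accepts a manifest tailored to it, while a client with the count pinned locally rejects it. The builder names, keys, manifest layout and package name are constructed, and HMAC stands in for a real signature scheme.

```python
import hashlib
import hmac

# Constructed rebuilder keys. HMAC is a stand-in for a real public-key
# signature scheme so the example runs on the standard library alone.
PINNED_KEYS = {
    "store-buildserver": b"constructed-key-A",
    "upstream-developer": b"constructed-key-B",
    "independent-rebuilder": b"constructed-key-C",
}
PINNED_THRESHOLD = 2  # shipped inside the client, never read from the server


def _message(package, apk_bytes):
    return f"{package}:{hashlib.sha256(apk_bytes).hexdigest()}".encode()


def attest(builder, package, apk_bytes):
    """Constructed attestation: `builder` claims it built exactly these bytes."""
    sig = hmac.new(PINNED_KEYS[builder], _message(package, apk_bytes), hashlib.sha256)
    return {"builder": builder, "package": package, "sig": sig.hexdigest()}


def valid_signers(manifest, apk_bytes):
    """Distinct pinned builders whose attestation verifies for these bytes."""
    signers = set()
    for att in manifest["attestations"]:
        key = PINNED_KEYS.get(att.get("builder"))
        if key is None or att.get("package") != manifest["package"]:
            continue  # unknown builder, or attestation for another package
        expected = hmac.new(key, _message(manifest["package"], apk_bytes),
                            hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, str(att.get("sig", ""))):
            signers.add(att["builder"])  # a set, so repeats count once
    return signers


def accept_trusting_manifest(manifest, apk_bytes):
    """Weak policy: the served manifest says how many signatures are enough."""
    return len(valid_signers(manifest, apk_bytes)) >= manifest["threshold"]


def accept_pinned(manifest, apk_bytes):
    """Stronger policy: the required count is fixed in the client."""
    return len(valid_signers(manifest, apk_bytes)) >= PINNED_THRESHOLD


# Constructed data: the manifest everyone gets, and one served to a single client.
HONEST_APK = b"constructed apk bytes, reproducible build"
HONEST = {"package": "org.example.app", "threshold": 2,
          "attestations": [attest(b, "org.example.app", HONEST_APK)
                           for b in PINNED_KEYS]}

TARGETED_APK = b"constructed apk bytes, modified build"
one_sig = attest("store-buildserver", "org.example.app", TARGETED_APK)
TARGETED = {"package": "org.example.app", "threshold": 1,
            "attestations": [one_sig, one_sig]}  # same signer repeated

if __name__ == "__main__":
    for name, m, apk in (("honest", HONEST, HONEST_APK),
                         ("targeted", TARGETED, TARGETED_APK)):
        print(name, sorted(valid_signers(m, apk)),
              "manifest-threshold:", accept_trusting_manifest(m, apk),
              "pinned-threshold:", accept_pinned(m, apk))
```

Pinning the count addresses only the "how many signatures" part; it does not by itself tell a client whether it was served the same manifest as everyone else.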


Why have we normalized "app stores" that build software whose authors likely already provide packages of?

I've been using Obtainium more recently, and the idea is simple: a friendly UI that pulls packages directly from the original source. If I already trust the authors with the source code, then I'm inclined to trust them to provide safe binaries for me to use. Involving a middleman is just asking for trouble.

App stores should only be distributors of binaries uploaded and signed by the original authors. When they're also maintainers, it not only significantly increases their operational burden, but requires an additional layer of trust from users.


The cloud isn't the only other option, they could still own and run their own hardware but do it in a proper colocation datacenter.

I never questioned or thought twice about F-Droid's trustworthiness until I read that. It makes it sound like a very amateurish operation.

I had passively assumed something like this would be a Cloud VM + DB + buckets. The "hardware upgrade" they are talking about would have been a couple clicks to change the VM type, a total nothingburger. Now I can only imagine a janky setup in some random (to me) guy's closet.

In any case, I'm more curious to know exactly what kind hardware is required for F-Droid, they didn't mention any specifics about CPU, Memory, Storage etc.


For a single server why would you use cloud services rather than go the self-owned route?

A "single server" covers a pretty large range of scale, it's more about how F-droid is used and perceived. Package repos are infrastructure, and reliability is important. A server behind someone's TV is much more susceptible to power outages, network issues, accidents, and tampering. Again, I don't know that's the case since they didn't really say anything specific.

> not hosted in just any data center where commodity hardware is managed by some unknown staff

I took this to mean it's not in a colo facility either, assumed it meant someone's home, AKA residential power and internet.


The F-Droid repos are provided by redundant mirrors: https://f-droid.org/en/docs/Running_a_Mirror/

If this is the hidden master server that only the mirrors talk to, then its redundancy is largely irrelevant. Yes, if it's down, new packages can't be uploaded, but that doesn't affect downloads at all. We also know nothing about the backup setup they have.

A lot depends on the threat model they're operating under. If state-level actors and supply chain attacks are the primary threats, they may be better off having their system under the control of a few trusted contributors versus a large corporation that they have little to no influence over.


Even if it's just the build server, it's really hard to defend just having 1 physical server for a project that aspires to be a core part of the software distribution infrastructure for thousands of users.

The build server going down means that no one's app can be updated, even for critical security updates.

For something that important, they should aspire to 99.999% ("five nines of") reliability. With a single physical server, achieving five nines over a long period of time usually means that you were both lucky (no hardware failures other than redundant storage) and probably irresponsible (applied kernel updates infrequently - even if only on the hypervisor level).

Now... 2 servers in 2 different basements? That could achieve five nines ;)


Ah. I took "not just any data center" to mean "in a specific co-location facility where they trust the person responsible for it".

I agree that "behind someone's TV" would be a terrible idea.


> It makes it sound like a very amateurish operation.

Wait until you find out how every major Linux distribution and software that powers the internet is maintained. It is all a wildly under-funded shit show, and yet we do it anyway because letting the corpos run it all is even worse.


What do you mean by "major distribution"?

e.g. AS41231 has upstreams with Cogent, HE, Lumen, etc... they're definitely not running a shoestring operation in a basement. https://bgp.tools/as/41231


This is 100% false.


Those are probably part of this ad campaign: https://news4sanantonio.com/news/local/kristi-noem-announces...

Those idle tv moments are probably bought as an ad slot


I used an early RC to build docs for a chat library: https://speedybot.js.org

Most of the downsides I encountered were related to pre-release issues but overall a very pleasant + powerful toolkit

I really enjoy the ability to sprinkle interactivity inside markdown docs, file-based routing, search, etc


I've never had the guts to learn how to perform proper archival research into 1900s West Point mathematics textbooks to confirm/see the solution, but I remember from biographies a famous anecdote from Dwight Eisenhower's days as a cadet involving integral calculus.

tl;dr: in that era students memorized step-by-step solutions from the textbook since it was the "right way" to do things. Eisenhower wasn't prepared, got called to the board and came to a creative solution that didn't match the textbook. He got chewed out by the instructor for bluffing but then Major Bell, an Associate Professor of Mathematics, intervened and confirmed Eisenhower's approach and insisted textbooks be updated to reflect the new solution.

From Page 77: https://www.google.com/books/edition/Eisenhower/RCeteK7LEiYC...

From: Page 10 of Eisenhower: Soldier and President by Stephen Ambrose

“Often the instructors knew little more than their students. In integral calculus one day, the teacher ordered Eisenhower to do a long, complicated problem on the blackboard. The instructor had previously explained the problem and supplied the answer, but since it had been obvious to Eisenhower that the instructor was doing it entirely by rote he had paid no attention. Thus, when called upon, he had ‘not the foggiest notion of how to begin.’ After struggling for almost a full hour, he finally tried a solution that, to his amazement, worked. He was asked to explain his solution; it was shorter and simpler than the rote answer. But the instructor interrupted him to charge that he had merely memorized the answer and then put down a lot of figures and steps that had no meaning.

Eisenhower could not abide being called a cheat. He began to protest so vehemently that he was soon in imminent danger of being expelled on a charge of insubordination. Just then, a senior officer from the Mathematics Department walked in. He inquired about the trouble, had Eisenhower go through the solution again, then pronounced it superior to the one being used in the department and ordered it incorporated into the Mathematics Department’s teaching”

From At ease: stories I tell to friends (written by Eisenhower -1967):

"About midway in our West Point course we began the study of integral calculus. The subject was interesting but the problems could be intricate. One morning after recitations the instructor said that on the following day the problem would be one of the most difficult of all. Because of this he was giving us, on the orders of the head of the Mathematics Department, an explanation of the approach to the problem and the answer.

The explanation was long and involved. It was clear that he was doing his task completely by rote and without any real understanding of what he was talking about. Because I was a lazy student, with considerable faith in my luck, I decided there was little use in trying to understand the solution. After all, with twelve students in the section, only one of us would get this problem to solve, the odds were eleven to one that I would not be tapped. The following morning I was chosen. Going to the board, on which I was required to produce the solution, and then explain it to the instructor, I had not the foggiest notion of how to begin. I did remember the answer given by the instructor and wrote it in the corner of the board.

I set to work. I had to make at least a good start on the problem, show something or receive a grade of zero which would do nothing for me in a course where my grades were far from high. Moreover, I could be reported to the disciplinary department for neglect of duty in that I had deliberately ignored the long explanation. With this in mind I sought in every possible way to jog my memory. I had forty-five or fifty minutes to solve the problem and I really concentrated. After trying several solutions that seemed to relate, at least remotely, to the one I dimly remembered from the morning before, I encountered nothing but failure. Finally, with only minutes left, I worked out one approach that seemed fairly reasonable. No one could have been more amazed than I when this line of action agreed exactly with the answer already written on the board. I carefully went over the work, sat down, and awaited my turn to recite. I was the last man in the section to be called upon. With some trepidation I started in. It took me a short time to explain my simple solution--indeed it had to be simple or I never would have stumbled upon it. At the end, the instructor turned on me angrily and said, "Mr. Eisenhower, it is obvious that you know nothing whatsoever about this problem. You memorized the answer, put down a lot of figures and steps that have no meaning whatsoever, and then wrote out the answer in the hope of fooling the instructor."

I hadn't been well prepared but this was tantamount to calling me a cheat, something that no cadet could be expected to take calmly. I reacted heatedly and started to protest. Just then I heard Major Bell, the Associate Professor of Mathematics (whom we called "Poopy," a name that was always applied to anyone at West Point who was above average in academic attainments) who had entered the room for one of his occasional inspections, interrupting. "Just a minute, Captain."

Of course, I recognized the voice of authority and shut up, although according to my classmates' description that night I was not only red-necked and angry but ready to fight the entire academic department. I would have been kicked out on a charge of insubordination if I had not been stopped. Major Bell spoke to the instructor, "Captain, please have Mr. Eisenhower go through that solution again." I did so but in such an emotional state that it is a wonder that I could track it through. The long search for a solution and its eventual simplicity stood me in good stead. Major Bell heard it out and then said, "Captain, Mr. Eisenhower's solution is more logical and easier than the one we've been using, I'm surprised that none of us, supposedly good mathematicians, has stumbled on it. It will be incorporated in our procedures from now on." This was a blessing. A moment before, I had an excellent chance of being expelled in disgrace from the academy. Now, at least with one officer, I was sitting on top of the world."


This tool evidently overcomes the display limitation: https://github.com/saagarjha/Ensemble

"Ensemble (formerly MacCast, before the lawyers had something to say about it) bridges windows from your Mac directly into visionOS, letting you move, resize, and interact with them just like you would with any other native app. It's wireless, like Mac Virtual Display, but without the limitations of resolution or working in a flat plane."


In downtown Los Angeles directly across the street from Staples Center/crypto where the Lakers play and a stone's throw from The Palm steakhouse is an imposing yet unfinished skyscraper. The idea was retail on the bottom, hotel in the middle, and $$ residences higher up

It has languished incomplete-- basically rotting-- in part because of EB-5 financing trouble + Oceanwide.

It's expensive to finish, expensive to demolish and the hellish post-covid/high-interest commercial real estate landscape means it will likely remain there for a while

It's just been sitting there because of EB-5 financing trouble. Especially in post-Covid commercial real estate environment

The fiasco took down a sitting City Councilman (who was just sentenced to 13 years in prison: https://www.justice.gov/usao-cdca/pr/former-los-angeles-poli...)

More info:

https://en.wikipedia.org/wiki/Oceanwide_Plaza

https://www.costar.com/article/2030217368/los-angeles-skyscr...


Residential is the way forward. Many projects and formerly commercial buildings are getting the apartment conversion treatment, complete with bullshit interior dead spaces to meet regulatory requirements.

It's not a lie, it's commercial real estate!

https://www.youtube.com/watch?v=FbTR3lDuYqk&list=PLkH0kJMHYO...


> complete with bullshit interior dead spaces to meet regulatory requirements.

At least in NYC, the requirement is that bedrooms need to have a window. Are there more requirements than that? I've had kitchens w/out windows in NYC. Bedrooms needing windows doesn't seem very BS to me.


Many more requirements. I said commercial conversions in some areas need to permanently render useless a portion of floor area for statute compliance.

https://youtu.be/s2ZUQWojevo


[flagged]


And this isn’t Reddit


I can almost imagine King Leonidas stating that during that famous kicking scene.


July 2022: https://www.cnbc.com/2022/07/22/apple-carplay-could-be-a-tro...

Not sure how they arrived at the number (maybe only new vehicles), but there was a claim that 79% of US car buyers would insist on CarPlay support

  Apple engineering manager Emily Schubert said 98% of new cars in the U.S. come 
  with CarPlay installed. She delivered a shocking stat: 79% of U.S. buyers would 
  only buy a car if it supported CarPlay.

  “It’s a must-have feature when shopping for a new vehicle,” Schubert said 
  during a presentation of the new features.


I certainly would insist on it. CarPlay and its Android counterpart are a far sight better than the infotainment systems the majority of cars ship with to begin with, plus they won’t have problems like their navigation data becoming outdated with updates costing money.

My car dash should be the “dumb TV” to my phone’s “streaming box”.


What is the benefit of CarPlay or Android Auto if you have Bluetooth audio? Navigation and music go through the car's speakers.


Visuals for navigation, a bigger screen that can be more easily viewed while sitting upright in the driver’s seat, and UI that’s designed for use while driving.


I have to assume they meant 79% of US consumers who use iPhone, since only about 60% of the US uses iPhone, and CarPlay specifically is useless to the remaining 40%.

Or perhaps they were grouping in AA under the covers.


When I last heard this stat it specified that it was buyers of new cars and that iPhone users are over-represented in that group.


Well, it does seem like CNBC is the source of the stat and they do not say it like that. One could make an inference since the previous sentences mentioned new cars.

I don't think I can find a source that supports your claim that iPhone users are over-represented in that group. There was a period where income matched what phone you bought, but these days an older iPhone is pretty cheap to acquire, and the network effects mean people are willing to spend more to be in the ecosystem.

Assuming income as a proxy, from a bit of research it seems that in 2022, 56% of "high income" earners claimed they owned an iPhone. So that split is getting a lot closer, but this is already less than the 60% we have already established Apple has in market share across the US, so that doesn't exactly support the 79% figure. Other sources show about 55%-56% iOS users in the US during that period.

To be fair, I can't see what high income actually means in this data.

https://www.statista.com/statistics/512863/smartphones-cell-...


Edge— “These products are impacted at the control plane / core level, meaning that only the changes to the existing configuration are affected, but the product is functioning at the edge …”


Fine-tuning is such a dangerous phrase bc it sounds perfect.

“We’ll just fine-tune based on our (we think valuable + special) data”

Fine-tuning doesn’t enhance the model w/ new “knowledge” but a new narrowly-defined task

One other “cost” to consider is fine-tuning a 3rd-party model means if that foundation model changes or goes away that effort/cost needs to be repeated


My understanding of fine-tuning is 95% of the work could be re-used between different foundation models.

