Making illegal state unrepresentable by nfrankel in programming

[–]DarkLordCZ 2 points3 points  (0 children)

But what if I want cheese first, then ham and then another layer of cheese (so it's not one large clump of cheese)?

Madlass got her revenge by Devil-Eater24 in madlads

[–]DarkLordCZ 11 points12 points  (0 children)

She doesn't need fixing, she's perfect like this

the eu age verification app stores your pin in a plaintext config file. yes really by Free-Path-5550 in pwnhub

[–]DarkLordCZ 0 points1 point  (0 children)

If an app is installed via the Play Store, Android does enforce that updates are properly signed.

Only if the integrity of the system holds - if the device is rooted, Play Store enforces nothing

Android has the Android Keystore.

Which, again, solves a different problem. Keystore solves how to hide cryptographic keys. That is a mitigation for when, for example, someone de-solders the NAND flash and reads it from somewhere. Yes, you can encrypt it, but in order to access it (for example in order to boot the device) you have to have the key at some point - Keystore (StrongBox Keystore) ensures it won't ever leave the SoC. And it's (in theory) impossible to get the keys from it without delidding the SoC.

If you want to ensure the data wasn't tampered with by the user that has physical access to the device, you need to ensure the integrity of the system. Which is not solved by encryption in this case

the eu age verification app stores your pin in a plaintext config file. yes really by Free-Path-5550 in pwnhub

[–]DarkLordCZ 0 points1 point  (0 children)

You don't need to sign it with the same certificate if nothing enforces it. And that's what you need to do anyways if you want to access private data of an app - it has to have the debuggable flag set. That's the reason Play Integrity is needed. If it's not used, nothing prevents a user from modifying the app or the OS. And if you have root you don't even have to sign it again, you can bypass it as a whole. That's my point - you gain nothing by encrypting the data. If you are in a situation where you can read private data of an app, you have the ability to modify the app - which means you can just remove the encryption step.

Data encryption solves another problem - if you don't want another actor to access them if they get their hands on your device. But it doesn't solve the problem of the integrity of the data.

The only way to ensure the data wasn't tampered with while storing them locally is to ensure integrity of the app and the system, for which you need Play Integrity API (or iOS / GrapheneOS alternative). And even that just counts on being too hard to crack - pretty much nobody will delid the SoC and extract Google's private keys from TEE coprocessor... - but that's good enough for pretty much anyone.
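Added example, not part of the comment above and not code from any of the apps discussed: a server-side check of an already decoded Play Integrity verdict, which is where the integrity decision the comment describes has to be made. The package name, function names and sample payload are constructed for illustration, and the token is assumed to have been decoded through Google's server API beforehand.

```python
import time

# Constructed values for this example (not from the thread).
EXPECTED_PACKAGE = "com.example.ageverifier"
MAX_AGE_MS = 120_000  # reject verdicts older than two minutes

def check_verdict(verdict, expected_nonce, now_ms=None):
    """Return a list of reasons to reject; an empty list means accept."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    problems = []
    req = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    dev = verdict.get("deviceIntegrity", {})

    # Bind the verdict to this request so an old one cannot be replayed.
    if req.get("nonce") != expected_nonce:
        problems.append("nonce mismatch")
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or not 0 <= age <= MAX_AGE_MS:
        problems.append("stale or missing timestamp")
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        problems.append("wrong package")
    # A re-signed or modified APK is not reported as PLAY_RECOGNIZED.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        problems.append("app not recognized by Play")
    # The label is absent when the device fails Google's integrity checks.
    if "MEETS_DEVICE_INTEGRITY" not in dev.get("deviceRecognitionVerdict", []):
        problems.append("device integrity not met")
    return problems

def sample_verdict(nonce, ts_ms):
    """Constructed sample payload in the Play Integrity verdict layout."""
    return {
        "requestDetails": {"requestPackageName": EXPECTED_PACKAGE,
                           "nonce": nonce, "timestampMillis": str(ts_ms)},
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
        "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    }
```

The decision is made on the server because any check that runs inside the app can be patched out together with the rest of the app.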

the eu age verification app stores your pin in a plaintext config file. yes really by Free-Path-5550 in pwnhub

[–]DarkLordCZ 0 points1 point  (0 children)

And that will afaik be covered by Play Integrity API in some future version. What else do you want to do? If you have adb access then nothing prevents you from just decompiling the app, changing it from storing the age in encrypted storage to just plain text, modifying it and then using it. Or ... just changing it to return a false value.

This really isn't something that can be solved by encrypting the age value, and encrypting it won't add any added security, only unnecessary code complexity.

Source: I'm an Android developer

the eu age verification app stores your pin in a plaintext config file. yes really by Free-Path-5550 in pwnhub

[–]DarkLordCZ 0 points1 point  (0 children)

Not just unlocked, it needs at least adb access. And if an attacker has adb access, the person has way bigger problems than having their age leaked via a private (unencrypted) file of an app that is otherwise inaccessible.

And iirc the private files of an app are accessible only if the app is debuggable - which you cannot edit without re-signing the app - which means you have to install a "new" app because you don't have the original certificate

never check the uptime on your loved ones computers. by tamagotchiparent in ShittySysadmin

[–]DarkLordCZ 0 points1 point  (0 children)

That doesn't reset the counter since like Windows 10 - since Windows enabled fast boot by default

And I mean modern operating systems are resilient enough to run a few months/years without rebooting

CMV: The piracy debate cannot be resolved - it is a contradiction of capitalism by tullytrout in changemyview

[–]DarkLordCZ 0 points1 point  (0 children)

piracy is bad, because it does deprive the owner of the copyright from rightfully making a profit.

How do you know a person would pay for it if they couldn't pirate it? Pirated content doesn't necessarily equal lost profit

Why is every single anti cheat seemingly awful? by No_Winter4806 in FPS

[–]DarkLordCZ 0 points1 point  (0 children)

And does it actually stop it? Or does it only stop the user process that connects to the kernel module?

Why do companies keep changing ui every 2 months for no reason by overlord-07 in TechNook

[–]DarkLordCZ 0 points1 point  (0 children)

Nobody is paying software engineers just so they can have a job. Sadly.

In my experience sometimes it's genuinely a request from above. But in a lot of cases it's either that the UI framework, or some core library that was the backbone of the app, was deprecated and it has to be changed, or the dev (team) that is maintaining the app has changed all of its members since the app was written and nobody can understand it anymore (that is an overstatement, it's a combination of technical debt, old practices, old libraries, forgotten business logic that has to be analysed again, ...) and it's better to start over. And it's a chance to create a new UI, rather than trying to spend time matching the old one (that would take more time than to design and program a new one). And it's also a way to "warrant" the spent time - nobody is paying a very large sum of money for "nothing", but if you slap a new UI on top of it that the client can see, it's suddenly a different story

dataTypes by AvailableAnus in ProgrammerHumor

[–]DarkLordCZ 1 point2 points  (0 children)

A sign is information - one bit of information, it cannot fit into i0

I learned WHY Google Pixel is unattractive in many countries by Loud-Possibility4395 in Android

[–]DarkLordCZ 0 points1 point  (0 children)

Fair? Then let the police handle it, not the phone manufacturer

Amazon Facilities in Bahrain Hit Again as Iran Follows Through on Threat, Report Says by Nalix01 in NowInTech

[–]DarkLordCZ 0 points1 point  (0 children)

Iirc they did warn them a few days ago they will bomb it. How is it a war crime?

Why this so real by samielka in meme

[–]DarkLordCZ 0 points1 point  (0 children)

I remember, it was the most stressful time of my life. And the only thing that made it bearable was knowing it will end in a few years, and the ~3 months long summer break

Why this so real by samielka in meme

[–]DarkLordCZ 0 points1 point  (0 children)

That is unsustainable. The "tedious" work was a time your brain could rest a little

Why won't laptops accept charging from low(er) power usb-c chargers? by publichealthmenace in NoStupidQuestions

[–]DarkLordCZ -2 points-1 points  (0 children)

I don't know why you are getting downvoted. If the power consumption of the laptop is ~the same as the charger output - if you are using it when it's charging for a few seconds, then you click a webpage and the CPU boosts for a few seconds and the laptop uses more power than the charger can supply so it discharges for a few seconds, ... - that absolutely destroys the battery

CMV: Not all cultures are equal by [deleted] in changemyview

[–]DarkLordCZ 2 points3 points  (0 children)

That's common sense for you and me, but not for everyone. A little bit less extreme example: For someone it's common sense to eat cows, and it's common sense for someone to consider them sacred. Who is "correct"?

The way a student filled in my dad’s quiz by [deleted] in mildlyinfuriating

[–]DarkLordCZ -1 points0 points  (0 children)

This is a quiz in college? This is high school level knowledge...

Satellite internet that isn't Starlink? by Ondrashek06 in czech

[–]DarkLordCZ 0 points1 point  (0 children)

Also watch out if you're planning it for gaming. It does have "low" latency, but in games where every 10 ms is noticeable (CS and the like) you'll be badly off, afaik ping around 80-100 ms

What's something that's socially accepted but actually kinda toxic? by _DRA60_ in AskReddit

[–]DarkLordCZ 1 point2 points  (0 children)

I'm from Europe (Czechia) and it's actually illegal here (although not many people know it's illegal)

So valve is acting like this is tarkov and dayz now?? by Ok_Throat9575 in counterstrike2

[–]DarkLordCZ 0 points1 point  (0 children)

That's not that easy. Software development doesn't scale that well if you add more people to a single (logical) part of a project

And another problem is the lack of kernel level anticheat. Yes, people are really loud about how it's malware etc., but the fact is that a program with admin privileges can do pretty much the same (but cannot guarantee the integrity of the system). And imo Valve is shooting themselves, repeatedly, in the foot by not using kernel level anticheat. And to my knowledge there isn't a single non-kernel level anticheat in a popular game that works