Permacomputing

cross-posted from: https://lemmy.sdf.org/post/36402193

The knee-jerk answer when an app pushes designed obsolescence by advancing the min Android API required is always “for security reasons…” It’s never substantiated. It’s always an off-the-cuff snap answer, and usually it does not even come from the developers. It comes from those loyal to the app and those who perhaps like being forced to chase the shiny with new phone upgrades.

Banks, for example, don’t even make excuses. They can just neglect to be mindful of the problem and let people assume that some critical security vuln emerged that directly impacts their app.

But do they immediately cut-off access attempts on the server-side that come from older apps? No. They lick their finger and stick it in the air, and say: feels like time for a new version.

It’s bullshit. And the pushover masses just accept the ongoing excuse that the platform version must have become compromised to some significant threat -- without realising that the newer version bears more of the worst kinds of bugs: unknown bugs, which cannot be controlled for.

Banks don’t have to explain it because countless boot-licking customers will just play along. After all, these are people willing to dance for Google and feed Google their data in the first place.

But what about FOSS projects? When a FOSS project advances the API version, they are not part of the shitty capitalist regime of being as non-transparent as possible for business reasons. A FOSS project /could/ be transparent and say: we are advancing from version X to Y because vuln Z is directly relevant to our app and we cannot change our app in a way that counters the vuln.

The blame-culture side-effect of capitalism

Security analysis is not free. For banks and their suppliers, it is cheaper to bump up the AOS API than it is to investigate whether it is really necessary.

It parallels the pharmacutical industry, where it would cost more to test meds for an accurate date of expiry. So they don’t bother.. they just set an excessively safe very early expiration date.

Android version pushing is ultimately a consequence of capitalist blame-culture. Managers within an organisation simply do not want to be blamed for anything because it’s bad for their personal profit. Shedding responsibility is the name of the game. And outsourcing is the strategy. They just need to be able to point the blame away from themselves if something goes wrong.

Blindly chasing the bleeding-edge latest versions of software is actually security-ignorant¹ but upper management does not know any better. In the event of a compromise, managers know they can simply shrug and say “we used the latest versions” knowing that upper managers, shareholders, and customers are largely deceived into believing “the latest is the greatest”.

¹ Well informed infosec folks know that it’s better to deal with the devil you know (known bugs) than it is to blindly take a new unproven version that is rich in unknown bugs. Most people are ignorant about this.

Research needed

I speak from general principles in the infosec discipline, but AFAIK there is no concrete research specifically in the context of the onslaught of premature obsolescence by Android app developers. It would be useful to have some direct research on this, because e-waste is a problem and credible science is a precursor to action.

Nearly two years ago, I put into words the dream I had for a durable computer. A computer that would be built for a lifetime. A computer that would not do everything but could do 80% of what I expect from it. I called this idea the Forever Computer.

I expected to launch a conversation about what we really expect from computers. What do we really want from them? What are some limitations that could free us?

How to create the long-lasting computer that will save your attention, your wallet, your creativity, your soul and the planet. Killing monopolies will only be a byproduct.

From their intro post:

The fictional situation is the following: there has been some sort of social collapse and the Internet infrastructure is gone: there’s no more Internet for us. Now imagine that in this situation we still find value in our computers; how would we operate them now that we don’t have Internet?

I would like to analyze which Operating Systems would be suitable to for this imaginary scenario. In particular I would like to evaluate the Operating System at the following points:

• Can I store a software repository with the programs that I or someone in my area may need?
• Can I store the source code corresponding to the software repository so that I or someone else can fix potential bugs or extends the programs that we may need to use?
• Can I create new installation images from the OS itself, so that I can install it in other computers?
• Can I store the OS source code so that I or someone else can fix potential bugs or extend the OS funcionality / support and from it build installation images of the OS? And can I achieve all this offline?

There is also a NetBSD version

No need to circumvent anti-consumer mechanisms and risk bricking. This router is liberated by design.

ProtonVPN did an API bump in this version: Version 2.7.56.1 (2021-06-18) which left everyone with an Android version older than AOS 6 in the dust. So I went to the archives and grabbed the version just before that one. Ran it for the first time, configuration wizard had no issues but as soon as I tried to reach out to the server it refused to stand up a tunnel saying my version was too old. Not only did they leave permacomputing folks behind for sustaining their still-quite-functional devices, but they proactively sabotaged us from the server side.

AFAIK they made no excuses for the API bump. The usual excuse is “for security reasons”... yeah.. bullshit. Anyway, here’s the workaround:

The absolute latest openvpn app still supports AOS 5 (somewhat suggesting there is no compelling security reason to force AOS 5 users to throw away their devices). Or if you have AOS 4 you can take the openvpn version from 2 years ago. ProtonVPN distributes openvpn config profiles and the openVPN app can simply import those.

Also worth noting that F-Droid warns of anti-features on the ProtonVPN app but OpenVPN is free of anti-features. That said, I got an authentication error, but I doubt that’s related to this procedure.

update

ProtonVPN is possibly breaking EU law. If someone subscribed to service less than two years before the forced obsolescence, ProtonVPN is obligated to continue service as long as necessary to serve the consumer for 2 years.

I can hardly believe I’m not joking. And there’s chatter that “we are addicted to sand” (like the oil mantra).

Permacomputing people can rejoice.. our community will grow because of this.

The enshitified web throws at us websites with autoplay videos that waste copious bandwidth. The waste is not just annoying and eco-hostile, but it sucks dry the credit of people on limited internet connections and grinds CPUs of #permacomputing folks to a crawl.

The best fix in principle would be a browser that disables animations. But it does not exist (reference). It’s an extremely complex problem because there are so many different ways video can forced on people with JavaScript. The developer of Ungoogled Chromium gave up on the effort and even Google have failed in their attempt as well (yes, I shit you not, the big brains at Google could only figure out how to mute the audio).

So the next best option is to identify websites that autoplay video and cancel them. The #uBlacklist plugin is available on Chrome and Firefox. When you get burnt by a shitty autoplay website, you can blacklist so it doesn’t happen again. There is also a mechanism to subscribe to crowd-sourced lists.

Caveat: I’ve not used it myself as the plugin is incompatible with my browser version. It appears it supports certain search engines which I do not use myself, so I’m not sure if it’s useful apart from search results on particular search services.

⚠ The link to jwz.org might have autoplay content, ironically enough. Sorry if that triggers on anyone! Tor Browser is exceptionally able to block the autoplay on that site, so I suggest using TB. I do not like the idea of publicizing MS Github but this link is an alternate which is linked by jwz.org anyway.

Yeah, I have a PPC laptop that this happened to a few years back, which felt way too soon. It's in perfect working condition except for the battery.

@activistPnk @permacomputing

The article title is “Debian Likely Moving Away From i386 In The Near Future” but according to the article Debian will drop i386 support because it will be dropped from the kernel. Seems like bad news for permacomputing folks.

(EDIT) modified the title since it seems more accurate to say that 32-bit support is being dropped. (reference)

Are there any Debian apps that will track bandwidth consumption on a per-app basis, and ideally website-specific when a browser with sandboxing has multiple tabs?

These tools are vaguely described as being able to monitor network traffic:

iftop, nload, nethogs, vnstat, bmon, iperf, netperf, iptraf, cbm, zabbix, nagios, cacti, darkstat, sarg, monitorx, etherape

I’ve tried iftop, nload, vnstat, & bmon. Some of those are just showing realtime stats (bytes per second) and some are per net interface, not per app. I need to know the total bandwidth used on a per-process basis so if a website is streaming or buffering something heavy like video I can react. Since browsers tend to have sandboxing, i think there is a separate process per website. So if a website is a pig I need stats on it.

Ultimately I’m on a limited connection and it’s a mystery what is hogging my bandwidth allowance. I prefer light non-graphical apps but I guess I can’t be too fussy at this point.

cross-posted from: https://slrpnk.net/post/4071219

These two groups exist:

• !permacomputing@lemmy.sdf.org
• !permacomputing@slrpnk.net

Both are small but it looks like slrpnk.net has more traction. IMO both might want to consider mentioning the other in the side-bar so folks know to cross-post.

This article sets out a vision for KDE (the free software desktop environment) written by Clinton Ignatov. It doesn't draw on permacomputing explicitly but it is nonetheless full of real-world examples of permacomputing principles, particularly less reliance on omnipresent networking. If you were on the techie end of the spectrum and looking for inspiration to put concepts into practice, IMO this is a great starting point.

From the Ninth Workshop on Computing within Limits (LIMITS '23)