Hacker News | fc417fc802's comments

Energy use is the driver. Fossil fuels happen to be cheap. It's effectively a coincidence, nothing inherent to technological progress itself except insofar as something like aviation would never have been a commercial success without an exceedingly cheap, dense, and portable method of energy storage. Solar-syngas and solar-battery would have eventually gotten there but we'd all have been taking trains and ships for the past 80 years while riding electrified public transit.

Energy and tech are two sides of the same coin

If AGI stages a hostile takeover of all the governments of the world, would that count as a technological solution to war and inequality?

For that matter I suppose the terminator timeline also counts. Can't have war and inequality if you don't have humans.


Weird that we can afford how many hundreds of thousands per bomb but can't be bothered to pay entry level wages to manually verify each site. I'm sure the DoD has access to something even better than Google Maps.

Yeah but supply chain attacks like that can hit literally anything. Debian repos, Play store, an individual publishing on his own website, it's all vulnerable.

The one true unit of time is hexadecimal encoded nanoseconds since the unix epoch. (I'm only half joking because I actually have authored code that used that before.)

If attestation ever became ubiquitous the difference between iOS and Android would cease to exist for me. I'd need a black box that lived in a desk drawer for interfacing with specific services and otherwise I'd cart around a camera in my pocket that happened to double as a linux tablet.

I believe most jurisdictions in the US have largely the same framework. At least everywhere I've lived, all street corners were implicit pedestrian crossings with a legal requirement (often blatantly ignored) that vehicles yield. Similarly, jaywalking is a misdemeanor and only applies within a certain distance of a crossing.

The only situations where it's enforced (from what I've seen, so obviously biased) are major highways, city streets with dense traffic and a marked crossing within half a block, and when they want to search someone for contraband. In the latter case it's just an excuse to stop and harass you in the hopes they will manage to generate sufficient articulable suspicion to justify a search.


They don't care about F-Droid but they do care to choke out any potential competitors to their ecosystem before they can get a foothold. See their behavior surrounding device certification for example. They want to abuse the network effects of their ecosystem to prevent consumers from leaving. This is just more of that - vendor lock-in masquerading as an unfortunate necessity.

I'd argue OSS isn't sufficient on its own and that I suspect moderation only plays a small role. I think it's primarily the separation of roles. For a complete outsider whose only interest is exploiting users, publishing a sufficiently popular piece of software and also gaining the ability to add things to the Debian repos is a huge barrier. You'd have to invest years of work to do both of those things and then hope that no one happened to notice anything before it was too late.

Of course the FLOSS aspect adds an additional hurdle that this popular piece of software will have to somehow avoid having much of a contributor community around it since that would greatly increase the risks of your malicious changeset being reviewed. I guess what happened with XZ was about the best case scenario that an attacker could realistically hope for.


Reads like a cheap hit piece to me.

The section you linked in particular is a load of editorialized bullshit IMO. As far as I can tell the only legitimate complaint is that there is (or was?) some sort of issue with the signing methodology for both APKs and repository metadata. Specifically they were apparently very slow to replace deprecated methods that had known issues. However it's worth noting that they appear to have been following what were at one point standard practices.

The certificate pinning nonsense is particularly egregious. APT famously doesn't need TLS unless you're concerned about confidentiality. It's the same for any package manager that securely signs everything, and if there's ever a signing vulnerability then relying on TLS certainly might save you but seems extremely risky. On top of that the Android TOFU model means none of this matters in the slightest for already installed apps which is expected to be the case the vast majority of the time.

As far as I'm concerned F-Droid is the best currently available option. That said of course there are places it could improve.
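As an added example (not the commenter's code and not F-Droid's or APT's own implementation), the signed-package and trust-on-first-use model the comment above relies on, written in Go with the standard crypto/ed25519 package. The app name, version numbers, payload bytes and both key pairs are constructed for the demonstration; the point it shows is that once a signer key is pinned, an update re-signed by anyone else, or a payload altered in transit, is rejected regardless of whether the transport was TLS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedPackage is what arrives over the (untrusted) transport: the payload,
// the publisher's public key, and a detached signature over name, version
// and payload.
type SignedPackage struct {
	Name      string
	Version   int
	Payload   []byte
	Signer    ed25519.PublicKey
	Signature []byte
}

// signedMessage binds name and version into the signed bytes so a valid
// signature on one package cannot be replayed onto another package or version.
func signedMessage(name string, version int, payload []byte) []byte {
	msg := []byte(fmt.Sprintf("%s\x00%d\x00", name, version))
	return append(msg, payload...)
}

// Publish signs a package with the publisher's private key.
func Publish(priv ed25519.PrivateKey, name string, version int, payload []byte) SignedPackage {
	return SignedPackage{
		Name:      name,
		Version:   version,
		Payload:   payload,
		Signer:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, signedMessage(name, version, payload)),
	}
}

var (
	ErrBadSignature   = errors.New("signature does not verify against the shipped key")
	ErrSignerMismatch = errors.New("signing key differs from the key pinned at first install")
	ErrDowngrade      = errors.New("version is not newer than the installed one")
)

// Device is the installer's state: the signer key pinned per app on first
// install (trust on first use) and the currently installed version.
type Device struct {
	pinned    map[string]ed25519.PublicKey
	installed map[string]int
}

func NewDevice() *Device {
	return &Device{pinned: map[string]ed25519.PublicKey{}, installed: map[string]int{}}
}

// Install accepts a package only if its signature verifies and, for an app
// already present, the signer matches the pinned key and the version
// increases. Nothing here depends on how the bytes were transported.
func (d *Device) Install(p SignedPackage) error {
	if !ed25519.Verify(p.Signer, signedMessage(p.Name, p.Version, p.Payload), p.Signature) {
		return ErrBadSignature
	}
	if pin, known := d.pinned[p.Name]; known {
		if !pin.Equal(p.Signer) {
			return ErrSignerMismatch
		}
		if p.Version <= d.installed[p.Name] {
			return ErrDowngrade
		}
	} else {
		d.pinned[p.Name] = p.Signer // first install: pin the publisher's key
	}
	d.installed[p.Name] = p.Version
	return nil
}

func main() {
	// Constructed keys: the legitimate publisher and a second party who
	// controls the transport or a mirror and can re-sign whatever it serves.
	_, publisher, _ := ed25519.GenerateKey(rand.Reader)
	_, interloper, _ := ed25519.GenerateKey(rand.Reader)
	dev := NewDevice()
	fmt.Println("install v1:  ", dev.Install(Publish(publisher, "app", 1, []byte("v1"))))
	fmt.Println("update v2:   ", dev.Install(Publish(publisher, "app", 2, []byte("v2"))))
	fmt.Println("re-signed v3:", dev.Install(Publish(interloper, "app", 3, []byte("v3"))))
	tampered := Publish(publisher, "app", 3, []byte("v3"))
	tampered.Payload = []byte("v3 with extra bytes")
	fmt.Println("tampered v3: ", dev.Install(tampered))
	fmt.Println("replayed v1: ", dev.Install(Publish(publisher, "app", 1, []byte("v1"))))
}
```

The one step this model cannot protect by itself is the first install, where the pin is established; that is where a signed repository index or an out-of-band fingerprint carries the trust, and it is exactly why the comment distinguishes already-installed apps from fresh ones.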

