Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital ID services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid it's not up to date / will break any time. I guess the solution is to use one banking Android phone and one GrapheneOS for everyday use.
I just have an old phone for all the banking stuff. And I use degoogled phones for real stuff. I don't need my bank when I'm out anyway.
Not using GrapheneOS though because Pixels are expensive in my country. Also, I disagree with them on some points, like rooting. I don't think me having access to root makes my phone less secure. Obviously it should be secured properly so only I can use it, but that can be done. After all, even an unrooted phone still has a root account and runs stuff as root, you just can't access it as a user. That means the OS vendor (GrapheneOS in this case) has more access rights on my phone than me (how else are they going to install updates); to me that's not right.
I just want to be able to inspect what is going on on my phone. What apps are storing about me on their private storage, and to be able to add root CAs so I can MITM their traffic to inspect it.
I believe GrapheneOS would only be an issue if the Swedish gov decides on using the Google Play Integrity API instead of Android's hardware attestation API (and requiring their apps to whitelist GrapheneOS's keys). So their stance doesn't really change much in terms of how banking apps currently work with GrapheneOS.
The Play Integrity API even works on GrapheneOS, but will only pass basic integrity (which is enough for most, but not all banking apps). It doesn't pass strong integrity, which does remote attestation. If your bank does that, ask them to add remote attestation for GrapheneOS as well.
For most apps, yes, they won't require the MEETS_STRONG_INTEGRITY check in the Google Play Integrity API. But if your apps _do_ choose to use that Google Play Integrity API for a strong integrity check, then they won't be able to whitelist GrapheneOS's keys for it to pass. Unless you can convince Google to whitelist them.
Thus it's best if they use Android's hardware attestation API instead, as you can then decide to whitelist GrapheneOS to pass that strong integrity check.
Another Swedish resident here, using GOS for around 5 years.
So far all the dealbreaker stuff works (BankID, Swish, bank apps, transport apps, etc.) which is great.
That said, I also work in Denmark and need the Danish apps. And the situation in Denmark was the same as Sweden... until one day it wasn't. For example, MitID flipped a switch one day and started enforcing Play Integrity. It became impossible to activate MitID on a GOS phone. And it kinda became the new normal in government or -adjacent apps.
Therefore, I dread the day this might happen in Sweden too. Let us see what will happen with the digital wallet app that the government will launch to compete with BankID. I am afraid there is a good chance that they will tread the same path... I hope I am wrong about that.
It's not an issue, we're just spoiled. It's such an amazing convenience that anything else seems like a huge and unnecessary hassle.
There is actually a second MFA provider that is accepted almost everywhere, including the tax authority. I forget its name and I've never tried it, so I can't say too much, but presumably it provides similar functionality to BankID.
It's called Freja.
It's also possible to get a special hardware device to do the BankID dance, which is great to have if your phone breaks, as having that device will make it possible to provision a new BankID without visiting a bank office.
He's referring mostly to BankID, which is a very secure MFA solution designed for banking purposes (all banks in Sweden accept the same MFA app). The inbox app is probably Kivra, which is an email inbox which uses BankID for authentication, and is used for invoices and other "official business" mails.
There's also Swish, which is instant payments to both friends and businesses. Swish also uses BankID.
BankID is also used to sign documents, file taxes, etc.
Swedish society is largely built around this one official MFA solution, and having a phone where you cannot run it is a real hassle.
I can only speak for my bank (Nordea), but they do offer a separate 2FA device you can order if you "can't use" your smartphone for whatever reason. As a solution it sucks, but technically you're not forced to use a mobile phone to log in. I'd be surprised if other banks didn't offer similar fallbacks.
You would need to lug the device with you everywhere because BankID is used for all sorts of things in Sweden. I couldn't even use a vending machine here without the BankID app.
Ah, thank you for the clarification! Does not really work in all countries, e.g. here it is quite common at events to pay through a QR code and you need your banking app to do so.
Because you have motivated reasoning to dislike these companies, even though Blackrock and Blackstone are bog standard financial services companies and a random naming scheme is easy to grab onto.
All the worst companies seem to all be LOTR themed.
Technically the Palantiri were a force for good in the hands of Elves and Men, and could still be used for good, like Aragorn using it to challenge Sauron and forcing Sauron’s hand. So that’s a defense to the self-awareness argument. In fact that ambiguity is likely intentional.
Btw I always wondered why I was seeing droves of Palantir swag on Stanford campus back in early 2010s. I wouldn’t wear something that has a 50%+ chance of being interpreted as evil.
The Palantir themselves aren’t evil, they were made by the elves long before the events of LOTR. Essentially they are just a tool.
However, I heard that Thiel's favourite book is the rewrite of LOTR from the perspective of Sauron, where Gandalf and the elves seek to destroy humanity and technology (at least that's how I understood the gist, haven't read it).
Pretty much private mercenaries that work outside of the usual army structure as "private contractors". They're usually the ones the US contracts to do the worst atrocities, as that gives the government a thin veneer of plausible deniability because they were behaving "independently". The US also does its best to make sure they never face any legal consequences for their war crimes.
Also worth pointing out that, due to this "contractor" relationship, they never count towards official casualty figures. For example, if Iran were to kill 50k of them (I'm of course exaggerating to make a point), they wouldn't count towards US casualty figures, so it's also a way for the government to downplay the effects of foreign intervention to the general public.
> Also worth pointing out that, due to this "contractor" relationship, they never count towards official casualty figures. For example, if Iran were to kill 50k of them (I'm of course exaggerating to make a point), they wouldn't count towards US casualty figures, so it's also a way for the government to downplay the effects of foreign intervention to the general public.
This has happened throughout history in war, before even recorded history.
Russia is doing it right now with North Koreans. Also with Wagner Group, until they had their little uprising against Putin and then their plane happened to crash.
Bit tangential, but if this was a real thing, we could hopefully stop letting Google / Microsoft determine what's spam. Private mail servers would hopefully be more common and actually work. Super annoyed, I use Cloudflare + Proton Mail for my custom domain, but I have the feeling that some outgoing emails from my domain get blocked... 90% deliverability means practically useless.
Strictly speaking, isn't there still a way to express at least one illegal string in ArchivedString? I'm not sure how to hint to the Rust compiler which values are illegal, but if the inline length (at most 15 characters) is aliased to the pointer string length (assume little-endian), wouldn't {ptr: null, len: 16} and {inline_data: {0...}, len: 16} both technically be an illegal value?
I'm not saying this is better than your solution, just curious :^)
In the code you will find union { {len, relptr}, [u8; 16] }
The length is first. The pointer second. The inline string is terminated with 0xFF. The length is 62 bits out of 64 bits such that a specific pattern is placed in the first byte that utf8 doesn't collide with.
Super cool stuff! I love the idea of games being refurbished to the point that it can be kept, almost source original, and still played years down the line. For example, I love Another World for this, being just a bytecode blob where each port is just a VM (good writeup: https://fabiensanglard.net/another_world_polygons/index.html).
Location: Umeå, Sweden
Remote: Yes (preferred)
Willing to relocate: In Sweden, perhaps
Technologies: C++, Java, Golang, Low-level systems engineering, GPU Compute & Rendering (Vulkan, GL, Cuda)
Résumé/CV: https://github.com/ollelogdahl https://www.linkedin.com/in/ollelogdahl
Email: olle.logdahl.net
Graduating with my Master's this summer (June), seeking new exciting & challenging roles where I can grow. Been working 4.5 years as a Java backend developer, but have spent 10+ years with CS as my hobby; exploring distributed systems, systems programming and computer graphics.
My current interests are mostly systems programming, performance engineering and GPU compute. I love to tackle hard technical topics and deep diving. If you're working on something interesting and think I could contribute, please reach out! :^)
I think this is a matter of preference. Nowadays I cannot stand environments like Java (or especially Kotlin). "Tricky memory errors" is in my opinion nicer than a borrow-checker refusing sound code. I guess I really hate 'magic'...