GSMArena only lists European and Asian band combinations for the 1 VI, and no US model.

Doesn’t mean they won’t come out with an US model though. The 5 VI is not out yet either.

Should have taken therealmyname@blahblah.com.

If you’re in the US (or Japan, they also restrict some models there) you can visit the unlock pages (select a model from the list on the page I linked) and see what they say. Maybe they don’t restrict all models, or maybe they don’t restrict older/cheaper models. I’m not in the US so I never get to see the message directly, I’ve only seen in other people’s screenshots.

Also I’m not 100% if they give you the message if they see you have an American IP, or wait until you enter the IMEI to slap you down.

You can be first again if you get your own domain!

And it makes it very easy to get and maintain certificates.

Depends on who wins the election. Trump would come out with anti-union legislation so the large studios might decide to hold out for that.

Yes, sorry. The way you bought it makes no difference. The unlock code is generated on the Sony website based on the IMEI of the first SIM slot. They can tell when it’s the IMEI of an US model and will refuse to give out the code.

Just to be clear, I’m talking about bootloader unlock (so you can root it and install custom ROMs) not carrier unlock. Normally Sony offer bootloader unlock codes on their website, but not for US models.

Carrier (network) lock and unlock is done by the carriers, manufacturer doesn’t care.

Normally I wouldn’t worry about it, Samsung just apes everything Google does. It’s part of their tug of war, basically Samsung is saying “if you ever pull a Huawei on me and disable every Google feature I’ll still have a copy of everything”.

Then again the US market is wierd so I don’t know. You can unlock Sony bootloaders everywhere else without a hitch but they cut a deal with US carriers so they won’t give unlock codes to US models. If Sony did deals like that so can Samsung.

Same here. iOS is so severely limited compared to Android it would be unusable to me as an phone.

As a tablet I use it 99% for streaming apps (music and series) that I put on while cooking or doing chores, 1% as a backup device for things like access to my bank app.

Similarly, a flower pot falling on your head is not a hypothetical, it just hasn’t happened to you.

But does it mean you should wear a helmet every time you go outside?

To begin with, the probability of keylogging being used in an attack against you is abysmal. Not because it can’t be done, but because it’s a complicated, inefficient attack, and if the attacker can run code on your machine there are much better ones.

Secondly, keylogging is still possible on Wayland, if the malicious code can attach to the relevant processes. Such as a vulnerability in your browser, which also happens to be a place where you type passwords and CC numbers a lot.

Third, as Wayland evolves it will have to develop better IPC features. You can’t have a functional desktop with zero communication. And we’ll be back to square one.

Fourth, desktop communication is not even that sensitive. 99% of it is stuff like “window id 0x09123 was maximized”.

Last but not least, if keylogging were a real issue, don’t you think it would have been addressed in the 40 years that X11 and Xorg have been around? It’s fascinating how some people think that Wayland was the first to discover this previously completely unknown threat that threatens to doom us all.

keyloggers is because it allows an attacker to perform privilege escalation by recording your sudo/root password and automating an attack

So does putting a script called sudo in your PATH.

Keylogging is one of the lamest, most inefficient methods of attack. If you can run code on someone’s machine there are so many other things you can do.

The fact Wayland has wasted so much time and complicated things so much focusing on a non-issue is mind-blowing.

The majority of users do not use such tools and should probably use Wayland.

Don’t worry, this is not the only thing holding back Wayland adoption.

Or a docker image with Nginx Proxy Manager. You get a working reverse proxy, an automatically renewing certbot, easy to use UI, plus a working nginx install that you can use for serving static files, forward proxy etc.

Do you sandbox each and every process? Do you whitelist everything each process can do? Every file it can access, every which way it can use the network, every bit of CPU and RAM and hardware resource it can use?

If you don’t do that, why do you want to impose upon me a complete block of inter-window communication, which I use for desktop automation, and which has basically zero security impact in the wild?

I don’t mind Wayland having security features, but why are they so heavy-handed and non-optional? Things like firewalls, AppArmor, cgroups, they’re all customizable. Why is Wayland all or nothing?

Again, if you have malicious code running on your computer it can do lots of things. It can access your files, the network etc. You have to keep an eye on security vulnerabilities all the time anyway, which thanks to FOSS is easier. You’re pigeonholing on keylogging but there are lots of ways that malicious code can hurt.

Windows has chosen to go the route of allowing malware in and dealing with the fallout later. It didn’t work out so great. UNIX and Linux have been on the side of not allowing malware in at all if possible.

If you want to use a system that restricts access to all apps to all resources all the time you can, but I think you’ll find it very limiting and inconvenient. But it would be your choice.

In the meantime, if my choice is to disregard the purely hypothetical threat of keylogging, I should be able to do that, especially since breaking inter-window communication also breaks all desktop automation.

And that’s why I don’t use Wayland: it broken desktop automation and it won’t give us a choice in the matter, for the sake of one, randomly selected, purported security issue.

X11 allows any app to keylog easily.

Yeah, any app that runs on your computer… at which point you have bigger problems than keylogging.

When’s the last time you’ve heard of keylogging being a common problem on Linux btw?

It’s not a big deal… for now, because most of the time when I limit DDG results I ask for 1 year back (for solutions that are sort of recent but not ancient).

I would never limit results to just the last week, and typically posts that are that fresh won’t have enough accumulated knowledge so even if they pop up on the results they’re not really useful.

Again, that’s just my experience. I’m curious if others have similar ones.

The main goal should be having a thorough approach. People hear “firewall” and assume it means blocking things but it’s really about having a comprehensive network specification.

If you mean the S24, the equivalent from Sony would be the Xperia 5 V. Has audio jack and sd card compared to the S24, Sony batteries last 2 days even after several years of use thanks to excellent optimization and battery care, there’s almost zero bloat. On the downside it will only get 2 years of upgrades (until the end of 2025). Also you can’t unlock the bootloader on US models if that’s something you care about.

https://gsmarena.com/compare.php3?idPhone1=12773&idPhone2=12534

Keeping a port open if you don’t want it open is bad practice.

Why even bother having a firewall then? I mean, why block any ports if you’re going to open the ports for services anyway, and there’s nothing listening on the others, right?

The point of having a firewall is that you start with DENY on all possible chains and interfaces, and you describe explicitly what is allowed to happen.

A firewall thus becomes a living specification of the networking rules for your server, the same way ansible for example describes the functionality.

If you’re not willing to do it like that then don’t bother having a firewall, there’s no point.