Fushuan [he/him]

It’s not really about the hardware, is it? The option you mentioned won’t enable an alternative app store, it won’t enable access to android app emulators (which would be a huge boom in the open source app offering). The level of trust iPhone users give to appeal is wildly higher that what android users that tweak their phones give the manufacturers. It is what it is, but don’t delude yourself in thinking that it’s about what they do in the kernel level, it’s about the fact that they store tons of sensitive data in their american servers and that they have an obligation to share that data with the country, and as someone from Europe that doesn’t sit well with me.

Apple issue then, quite the anti feature. In any case, I hope the IT team learns from it and they create a company ID or several company IDs so this doesn’t happen again haha.

100% agree, just take into account that most people you encounter on lemmy, specially on posts about security, are in that 1% that tweak stuff and if you throw blanked statements they will think you are talking to them specifically.

Oh, I assumed that you would be forced to type your password or have enough rights to install stuff in a computer, be it in person or remotely, so I assumed that whatever 3rd party program they used required to have enough access, and that apple would use the apple id as a master password, given that it’s what is being used to lock down the device itself.

Well, yet another issue with apple lol, why add a ownership id if it’s not even what gives root access. Lmao.

The issue here is that while baseline apple is more secure than baseline android, a user with knowledge or a guide can improve the android security by a lot, whereas the apple baseline is also the ceiling. There’s stuff you can do with iPhones but if you don’t trust apple, you are kind of fucked.

Android people that mention security won’t be using a stock phone from the store, they will have disabled stuff, enables alternative stuff, or even installed a completely new android based OS, and this can’t be done with iPhone or iOS.

I’m with you that you should be able to log out remotely, but this is more of a failure in the IT department. You should have been given a PC with the apple ID already introduced, with your company mail and some password. How would they even access your PC remotely for security udpwtes if they didn’t have access to your appeal id? Right, they didn’t. So they gave a computer they didn’t have remote access to, not properly configured, and then forced you to either move or give private information.

It’s more about the fact that they didn’t have a webpage in their apple account where they could remotely log out, and the IT department had the physical computer so they had to either move to the department or give the department their personal password, which is bogus. Being able to remotely log out of the computer doesn’t seem to be that big of an ask.

I get thay the computer should remain locked if there’s no internet, but once the computer gain connectivity it should unlock if it was logged out in the user page.

oh, yeah I’ve read and heard of plenty people saying that they definitely notice it. I’m lucky enough not to because most ARPGs don’t run 60FPS on intense combat, let alone 120 fps on a rtx3080 lmao.

I was talking more about the jump from 240 and beyond, which I find surprising for people to notice the upgrade on intense gaming encounters, not while calmly checking or testing. I guess that there’s people who do notice, but again, running games on such high tick rate is very expensive for the gpu and a waste most of the time.

I’m just kinda butthurt that people feel like screens below 120 are bad, when most games I play hardly run 60 fps smooth, because the market will follow and in some years we will hardly have what I consider normal monitors, and the cards will just eat way more electricity for very small gains.

Sure, but wasting double or triple the resources for that is not fine. There’s very limited places where that even is a gain on games, because outside those super competitive limited games it’s not like it matters.

In thought that 60Hz was enough for most games, and that for shooters and other real time games 120 or 144 was better. However, it reaches a point where the human eye can’t notice even if it tried.

Honestly, going up in framerate t9o much is just a waste of GPU potency and electricity.

on a similar topic, I recently upgraded my screen from two 24’’ 1080x60 to 24’’ 1080x144 & 27’’ 1080x120. I barely tell the difference but my card sure does, I quickly limited the refresh rate of both to 60 because I it’s pointless and I’ve read too many people saying that once you go 120+ it feels bad watching 60, and I really don’t want to get used to something that just makes me spend more electricity for nothing.

If you enjoy stuff fine in FullHD, don’t bother increasing the resolution. As others have explained, there are other things to upgrade before going for resolution that will have a bigger impact on the image. That said, purchasing a good screen that happens to have 2K or anything higher than 1080 is no big deal, just set your resolution to whatever you want from software and be done with it.

100% agree, it’s better than all the other music services in quality on linux just because it (3rd party) offers something that has somewhat better sound quality than the basic video version of any other one, and Spotify being the only other one that has an unendorsed official native client (done by the devs in their spare time without any official support offered) is pointless because their best audio quality is trash.

According to another commenter chromium on Linux is hard capped on quality, so although it’s noticeable vs the web version, it’s not actual Max quality. I haven’t noticed it although my headphones should be able to show the difference (sony MDR 7506, I know, yes, for everything, people say that it doesn’t sound nice, I don’t care I love it) so idk.

Most of them, honestly. Idk where you looked but Tidal, Amazon music, apple music, dezeer or however it’s pronounced, all were available in Spain. I stocked with Tidal because of the Linux client but apparently theybalso pay artists the most so yay.

As an edit, you mentioned metal, I listen to lots of mainstream metal bands (powerwolf, system of a dawn, dragonforce, sonar arctica, blind guardian…), some other maybe not so well known ones (tyr, alestorm, korpiklaani), and some local ones that are more rock than metal (vendetta, su ta gar, kaotiko, la polla records).

Check this web player wrapper, it allows for high and Max quality

https://github.com/Mastermindzh/tidal-hifi?tab=readme-ov-file#features

If you are talking about Tidal HiFi, the UI might be similar to the web version but apparently itbruns on a modified version of chrome that allows HiFi music? I did test it some months ago and the quality difference is noticeable.

Idk what the other two are saying because Tidal HiFi is an unofficial client that let’s you reproduce high quality music, being basically the only one that let’s you do it on Linux. Yeah it’s a web wrapper but with HiFi enabled or whatever, I don’t really remember but the default web version doesn’t have HiFi and the app does and it’s noticeable.

https://github.com/Mastermindzh/tidal-hifi?tab=readme-ov-file#features

Tidal is the only one for me since it’s the only one with an unofficial HiFi Linux client, which is a wrapper around the web version but with HiFi enabled.

I’m happy reading that they are decent on pay for artists.

But… PAKE is used as a method for ongoing exchange of messages, you wouldnt avoid using a password when authenticating, which is the whole point of this debacle.

In really don’t see it that complex, in my last job IT installed a passkey in my laptop, which then Microsoft used to login and thorough its SSO, I just stopped using passwords altogether after logging into my PC itself. This is way more secure for the average Joe than having 5 postists with passwords pasted in the sides of the monitors. Yes this is way more common then you think, there’s a reason passwords need to be rotated all the freaking time.

Once rolled out, workers didn’t have to do anything to authenticate, as long as they were using the work laptop the company assumed that the used was the one using it, since the laptop was registered to the user, and it was way more comfortable.

It’s not really that hard to explain to people. Sending passwords is insecure because if an attacker gets the password, you lost. With passkeys, once you set it up, google/microsoft/pepapig.com will send a request to authenticate to your phone, where you will just say “yes” and they will talk with each other to give you access. If an attacker gets hold of that message, it doesn’t get anything of value because each time pepwpig.com and your phone talk with each other, they say different stuff and the attacker would just have yesterday’s responses, so they lose.

Old people won’t adopt it unless forced, just like they adopted special passwords by adding 1 and * to whatever stupid word they use and writing it next to their work monitor, in the office. They just won’t. Either IT automates everything for them or anything we develop will get completely bypassed.

It’s like the initial authentication, where server and clientnexchange a symmetrical key with their asymmetrical keys. The difference is that in that exchange the server and the client meet for the first time whereas the point of pass keys is that once when you were already authenticated, you validated the device or whatever will hold the private key as a valid source, so then when the authentication code gets exchanged, both ends can verify that the other end is who they tell is, and both can verify the other end as valid, and thus that exchange authenticates you because you, in the past, while authenticated, trusted that device as valid.

Technically, yeah, it’s an asymmetrical key exchange. Iirc the server sends you a signed certificate and you need to unencrypt itnwithbtheir public key and sign it with your private key, so they can the getnit back and ensure that it was you who signed it, using your public key to check the validity of whatever was sent.

I don’t know enough to be 100% corrextbon the details, but the idea is that it’s an interaction between asymmetrical keys.

Soporta like how we use keysbto authenticate through github through SSL, but with an extra level of security where the server validates a key in a single endpoint, not wherever that private key would be held (like with SSL)