Saying “it’s us, men” (to rule the world) is inherently a narrative that avoid discussing the class division, because being a man is not being part of a social class.

I might have misunderstood what you meant, but this argument is put forward quite often by certain groups that lost completely touch with the class struggle, hence my remark.

Who do you think runs the fucking world already…its us, men.

I hope you realize how alienating a sentence like this is, for someone who is as stomped by society as many women are.

This narrative is exactly what prevents any form of class solidarity, and I really can’t understand how someone can write it in the same comment where class struggle is raised.

There are 2 issues here that are being mixed.

One is women not being allowed to positions of power. The other is with women being underrepresented in certain fields (e.g., stem).

The second issue is what I am talking about and I don’t think at all that men “choose” not to try certain careers in the same way women don’t “choose” not to study stem and pursue stem careers. For both, social pressure and expectations, an existing field dominated by the other sex with all its implications are factors of discrimination. Strict gender roles are damaging for both men and women, and this is a perfect example.

Like another comment stated about Germany, even in Italy medicine faculties have a majority of women today as well.

I agree that in general teacher jobs are not glamorous or high-paying, but it’s still a very important role in society and we can still discuss how it’s a problem that there is an effective (social, mostly) barrier for males accessing (lower level) education jobs.

I do believe that this is essentially another symptom of a wider problem related to gender roles.

Not OP, but positions like nurses or teachers are very female dominated. It’s not like males cannot reach those positions, but there are social obstacles to that. To make an example from my country, in Italy primary school teachers are > 90% female. I believe in kindergarten they reach 97 or 98%. This is also partially the result of strict gender roles than discriminate both men and women in terms of caring for children (I.e., women are de facto forced to do that, men are pushed away), which then reinforces the social practice of women doing all the caring jobs.

This is IMHO a problem for both men and women, but probably it’s not from the same perspective as what OP meant…

Objdct storage is anyway something I prefer over their app. Restic(/rustic) does the backup client side. B2 or any other storage to just save the data. This way you also have no vendor lock.

Gotcha, you are the classic person who is unnecessarily confrontational, but that dashes at any actual confrontation, because ultimately you have nothing to say. Your history shows this clearly.

We can all live without toxic people like you.

So your argument is repeating a cliché? OK.

I don’t need to convince you, but I explained my reasoning. Maybe make some practical examples, show some CVEs that - if left unpatched - severely impact the privacy (or the broader security) of the average users.

Also, as anybody who works in security knows, security is not a binary, and securing often means paying a price (in usability, in Euro, in comfort, in performance, whatever). In my mom’s threat model there is no the APT leveraging a 0 day to breach her worthless phone, there are opportunistic scammers who send her emails. There is also google and the like harvesting her data to sell her shit (hence a deGoogled phone with bootloader unlocked is more important than a Google phone with bootloader locked, for example).

In my threat model there might be some more resourceful attackers (because believe it or not, a financial org trusts me with securing their infra). However, as I also said, a much simpler and cheaper attack that recently has made the news is just to snatch the phone unlocked from my hands on the street, rather than exploiting an android CVE. This is why for example I have app pins for signal, email and everything that supports it, and I need to authenticate at every use. I also store all my TOTP on my yubikey, rather than keeping them on the phone (even with PIN), so my phone is not good as a 2FA device.

What you call blasé is actually just a way I personally assessed the risks and decided to invest accordingly. People whose threat model involve the bots who spam emails do not have to invest in security like if the NSA is after them. Updating android a month later is not going to be even a “low” risk for most people, especially if they adopt the much more important practice (IMHO) of not installing every shitty app under the sun. If you think otherwise, make concrete examples perhaps. Using a cliché is not really building your credibility here.

I definitely wait more than a week to update for example. The marginal security risk is completely irrelevant for me compared to the operational risk of a buggy update. N-1 is a common practice for updating software in fact, unless there is absolutely a great reason to upgrade.

Also, I want to be in your circle, because most people I know if the phone doesn’t update automatically they probably won’t even think of updating their phone (or their computer) at all.

For me the reason is simple, I don’t care about the advanced threats that would be mitigated by GrapheneOS enough to buy a pixel and migrate. I already own a FP3 and that’s what I am going to use until it breaks.

I might consider Graphene in the future, but having to buy a Google phone (even a used one) already pisses me off, compared to a FP (or similar). eOS also tries to be a “noob-friendly” distribution, that you can buy phones with and you never have to mess with the phones, which means people who don’t have the skills or don’t want to mess with their phones might trade the risk with ease of operation, and it might be the right choice for them.

Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (I.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people threat model.

I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.

I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.

Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).

If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.

No offense, but that’s not what a security dumpster fire is. Security updates are important, of course, but they are also not the biggest deal.

In fact, I bet that the vast majority of users (on Android or otherwise) are lagging way behind in updates anyway.