Hacker News | edent's comments

"Warning: the Android app (including apk) is currently unavailable for download and use due to an ongoing essential security update."

The Paris metro is mostly cut-and-cover. It isn't very deep. The deepest tube lines are around 60m underground.

Are you suggesting the mobile signal comes from above the ground in Paris?

No. I'm suggesting it is easier and cheaper to retrofit equipment. Not to mention dealing with the extra heat.

Pulling the cables down the service shafts from the surface is not the hard part either way.

Stockholm has had 3g in the entire subway system since 2005. Which has then been continuously upgraded. With some very deep lines.


Why is your need for silence more important than other people's need to communicate?

Neither of those things are needs, it’s just wants and preferring your own wants over others is completely normal.

Imagine trying to live your life where other people’s desires by default overrode your own.


Because silence is a common good, like clean air. It's everyone's. When people fill it with their noise they effectively privatize it for the duration. When they shout on speakerphone or play their music or blare sound from their apps it's especially selfish.

> Imagine trying to live your life where other people’s desires by default overrode your own.

Unfortunately that happens a lot; it's called the government.


Collective vs individual desires

Collectivism killed hundreds of millions of people, so I'll take individualism thanks.

It's actually against byelaws to play music or other loud sounds on transport in London and they can prosecute you if they so wished...

It's about acknowledging it's a shared resource and respecting the space. No loud noises, no littering, no being drunk etc

These days people act like they're the only ones travelling


Looks like TFL issued a whopping three fines in total last year...

https://www.bbc.co.uk/news/articles/cdx4lje9jpjo


I know, it's pathetic. It's partly because they don't want to pay for the staff to do the enforcement and partly probably some other reasons.

In classic British style they just try to influence and nudge people with campaigns and posters. That way the organisation doesn't have to deal with awkward accusations of racism etc


Etiquette. Some are raised with it.

Simply being polite. Understanding there are other people in the world you inhabit. Things like that.

They can use headphones. The problem is listening to someone scroll through tiktok with volume on max.

Their silence disrupts no one, but one call or loud song disrupts 20-40 people's peace.

Don't be a douche.


You’re being a bit contrarian there and I’m quite sure you actually believe it’s far more nuanced than that

You do understand that one of those “needs” affects others around you, and one of them leaves them in peace, right? Also I’m sure parent wasn’t referring to emergency calls

That isn't true. We have several turbines near us. One just across the street. Even on days without traffic noise, we can't hear them.

The one near me which is absolutely fucked, as far as I'm concerned, deserves it.

Fighty customers, crap beer, odd opening hours, and half their food menu is off ("sorry mate, we've got no cheese"). Oh, and now their credit card terminal prompts customers for a tip!

I love a good pub, but most are crap.


Near me, the (nice but always too busy) Old Dairy is getting a cut, and the (mediocre Arsenal fan packed) Bank of Friendship and Arsenal Tavern are getting obliterated. God exists, and he supports Spurs!

Yes, but a web browser doesn't run HTML + JS as root.

Dependence on a secure client is generally a bad idea. Security should be server-side.

This isn't about the bank's security - it is about the users'.

Users are losing billions worldwide due to fraudulent apps. If a user has root and runs a malicious app, it can intercept what a legitimate banking app does. A scam app with root can draw over the screen and tell users to transfer money, or it can run a series of actions when the banking app is running, or do any of a hundred things to steal money.


> A scam app with root

Sure. But the people who are actually rooting their phones are advanced users and aren't going to install a malicious custom OS. Are naive users getting tricked into rooting their own phones? I'm dubious what the security benefit is of this decision.


These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".

There are two ways to root a phone:

1. Unlock the bootloader, install a well designed and highly secure aftermarket OS, relock the bootloader. The device is still just as secure against malware as it was before. Remote attestation shows the vendor that you're running Graphene or Lineage or whatever.

2. Exploit a local vulnerability to drop a sudo binary somewhere. RA shows you're running an exploitable version of Pixel Android, etc.

(2) is absolutely exploitable by fraudsters. They convince the user to run an app or visit a website that exploits their browser or whatever, and the vulns are used to escalate to root and keep it. Now when the user logs into their banking app the HTTP requests are rewritten to command the bank to send money to the adversary. This is why devices that allow escalation to root are excluded via remote attestation.

(1) isn't but it requires more coordination than the industry has proven capable of so far. Binary images of a custom OS could in theory be whitelisted by banks if it was known to be as secure as other operating systems. But there's no forum in which that information can be exchanged. Like, RandOS turns up and the maintainer "xyzkid", identity: anime avatar, claims his OS is super secure. How does random overworked bank developer John Smith know if this is true or not? RandOS doesn't come with any audits, it doesn't have a well paid security team. The brand is a big question mark. And if John makes the wrong call, maybe the bank is now on the hook for millions in losses because someone installed RandOS to get the shiny icon theme or whatever, and then got hacked.

So it's a hard problem. It's not actually a technical problem. Remote attestation is very general. The hard part isn't the tech. It's a social problem. How do you create and rapidly communicate trust in a new binary OS image if you don't have the security resources of an Apple or a Google or a Samsung? Google runs a whole accreditation programme for Android where you can turn up as a phone OEM and get your custom OS builds considered to be secure by passing a huge test suite. So the only issue is OS hackers who fall below the threshold where they can do that.

There's an alternative of course: go full libertarian. Means, just use a "bank" that doesn't care if its users get hacked. This is what the Bitcoin community enabled. It's there if you want it.


I doubt banks or the government would ever white list something like Lineage that's not made by some megacorporation. Also IIRC most phones don't allow you to relock the bootloader after flashing a custom ROM.

Thanks for clarifying. I was unaware that (2) was a widespread issue.

>These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".

Well it’s more the Dunning Krugerites who see the word “rooting” written by someone in a cyber context, lack that context entirely, and proceed to enter the discussion anyway based on their experience rooting their Android phone 3 years ago after clicking through a few UI buttons.


> A scam app with root can draw over the screen and tell users to transfer money

On Android, I believe this can be done rootless via accessibility permissions that can display on top of apps


Yes, but you very much have to grant that permission in Settings. An app can't get it non-interactively.

A rooted Android device doesn't run apps as root either, nor does it generally allow them to get root access without the user accepting a system prompt.

The IR35 rules seemed relatively easy for me to find when I was contracting.

https://www.gov.uk/government/publications/off-payroll-worki...

Along with a handy tool at https://www.gov.uk/guidance/check-employment-status-for-tax


There's also a forum, where they actually answer questions and advise (even if detailed).


It is a constant source of confusion. I see it constantly discussed in various freelancer WhatsApp and freelance groups.

I used to get contracts checked to see if they were Outside IR-35 and I knew I wasn't the only one. So it isn't as straightforward as you suggest.

It can also scare companies off, I have personally experienced this. As a result there is far less Outside IR-35 work. Almost every contractor I know has had to go back perm.

I understand there were many Contractors that basically milked forever contracts, but it kinda screwed over loads of freelancers.

I personally hate being perm. I used to work about 6-9 months a year and I found it relatively easy to find another contract. I had plenty of free time. Now I get the standard 1 month and bank holidays. Really pissed off about the rule changes.


I've been running Wayland on a Framework laptop and it just works. Drives my 4K external monitor, quickly switches to single screen, does fractional scaling well, runs all my apps without complaint.

I had an old Chromebook which had Lubuntu on it - screen tearing was driving me crazy so I switched to Wayland and it is buttery smooth. No mean feat given the decrepit hardware.

I'm sure someone will be along to tell me that I'm wrong - but I've yet to experience any downsides, other than people telling me I'm wrong.


> I'm sure someone will be along to tell me that I'm wrong - but I've yet to experience any downsides, other than people telling me I'm wrong.

That's fine as long as it goes both ways. If Wayland works for you, great. Equally, for some of us it doesn't work.


Do downsides not exist if you are lucky enough to not experience them?


HN is very American in its puritanical approach to swearing. One of my posts had its title Bowdlerised to remove the word "dickhead"!


Someone once asked me how I found the time to read so many books. I just prefer reading to most other activities. I'd rather have my nose in a book than [your favourite activity].

It is the same with blogging. I'd rather spend time writing than I would watching YouTube, mowing the lawn, or whatever.

Although, since starting an adult gap year 12 months ago, I've actually been blogging less as I find more interesting things to do than work :-)

