thanks for the response. for what its worth, most people I ask this question to are attempting some form of your first bulletpoint. I think we're on the right track there, it only makes sense.
speaking for myself, your second point is the silver lining of all this, to me. ive never had this kind of pressure before, but I hope that its the kind of pressure that makes me a better dev instead of burning me out.
cheers!
that's a very good distinction, absolutely. its just code generation at this stage.
the review was the bottleneck before (as I believe was already the case for many companies) but now with 10x the code generated for review, the bottleneck has turned into a dripping faucet.
absolutely. we all have to individually decide our priorities in an era where our choices are incredibly limited.
my choice is to have as rock solid of a foundation as possible, so that every step afterwards is harder to compromise. that choice will not be the same for everybody depending on their starting motivations and end-goal posture.
simply sharing where my experience has informed my opinion.
I'm putting that first sentence in my back pocket lol
without going too in depth:
Google and apple have the most money, they create the best hardware (relevant in this case for the hardware root of trust)
A privacy focused individual should also be concerned about security to some degree, making the hardware root of trust a high priority.
Apple locks down their boot process too rigidly to load a new OS without compromising that security.
that's why we're left with Pixels as the only option. Apparently Motorola will be on the table soon. I have no experience with their chip design so I'm curious to see what they release.
If the post is getting deleted on one forum, they should post the findings somewhere else. that thread smells FUDdy to me
hey there, this is really cool. please keep us updated if you have any developments on how you solve the problems, and what else you discover
I checked gadgetbridge and it doesn't look like there's a solution for omnipod. That's about as far as my knowledge can take me.
As far as workarounds: does the app require an internet connection? Could you buy a used android, go to a place with public WiFi to make a throwaway google account, download the app, never reconnect the phone to WiFi again?
blaming the ATC is a shitty thing to do here, friend.
in a job that requires you to be 'always on', these poor fucks are overworked and understaffed. its a miracle there aren't more of these accidents.
Anecdotally, I haven't run into a single Mikrotik deployment since university.
hardware vulnerabilities undoubtedly exist, whether intentional or not. its simply the nature of designing these complex semiconductors.
that said, if one company intentionally creates a backdoor, won't they all? what phone do you buy at that point?
any startup or small phone company may not have intentional backdoors, but I can guarantee their hardware security on all other levels pales to what apple and google can accomplish. I think the question then becomes are you more worried about google having a backdoor, or about third party compromises?
im not a fan of our choices, there is no silver bullet.
I remember something about homes owned by nonresidents, so I believe the second.