Disabling the "accept" button and having that message seems far superior. With this, when you are trying to unselect something you don't want, you get an annoying popup that you may or may not read. It's such a minority case -- most users will intuit that they need to select something and will uncheck "English" and check "Espanol" and continue on with their lives never knowing how dangerously close they came to violating the semantics of the input.
As much as possible you should stay out of the users way and let them decide how to interact.
Then I add the .gitbox folder to gitignore. Whenever I need to interact with the "submodule" repo I unbox, otherwise I leave it boxed and as far as everyone else in the project is concerned, the dependency was just copied n pasted in the project.
If you ever need to regenerate the gitbox folder from scratch you can take a peek at the gitboxinfo file and git clone and reset the dependency repo in a temp folder, then move the git folder next to the gitboxinfo file.
Plus unlike submodules with this you can have local changes to the submodule files without having to fork the submodule itself.
There are ways to solve this without killing off the ability to root phones if this was really about users' safety.
You could for example make it so that phones could only be unlocked within a few days of the purchase (first boot) date, and put a scary warning on it. That'd put a stop to 99% of people being tricked into unlocking it.
You could also put a scary warning on boot that allowed anyone to tell it was rooted to stop people selling them while rooted.
The point of blocking rooted phones isn't "security", it's to maintain control of the user experience.
it is more than to simply maintain control over user experience; it also has to do with the adtech fingerprint id... all the "free" services are provided by their ability to track you and offer those ads
> You could say the same about memory protection and isolation, and yet, here we are.
While it also serves as a security mechanism the most important benefit of memory protection is that it protects against processes *accidentally* corrupting other processes due to mistakes, invalid pointers, etc.
If you want to intentionally mess with other processes memory most OS give you the means to do it in a controlled way, with ptrace in Linux or WriteProcessMemory in Windows, because sometimes it is a useful thing to do.
The problem with Wayland is that they veto useful features they aren't interested in (that admittedly if misused could be a security problem or at least a nuisance) and they don't give any alternative way of doing them, choosing instead to punt the problem downstream to the compositors, who will each do them (or not) in a different way making the whole thing a mess.
Also those features are not limited to esoteric stuff that no one uses.
You cannot, for example, move your own window in Wayland. If you have a multi-window application, like GIMP [1], you cannot have your application position its windows in a reasonable way.
Can a TPM not be used to remotely attest that you are running an unmodified OS and a TPM device that has been approved by the DRM implementer, before handing you an encryption key that never touches the disk?
Can you not restrict the list of approved OS to those that do not allow root/kernel access to the user?
Can you not restrict the list of approved TPMs to those that cannot be "easily" compromised? (i.e. only allow TPMs in the same die as the CPU)
Just because it's not used today does not mean it won't be used tomorrow. Microsoft has not completely pushed this through yet because they know that half of their userbase are pirates. But they are making preparatory steps for it, such as blocking systems without TPM or older CPUs out of Windows 11.
Just look at Android to see what it will look like in a few years.
I have a Linux box set up with secure boot. I manage my own keys, I sign my UKI kernels. I use TPM2 for disk encryption in addition to requiring password. Where does DRM come into this? Where does Microsoft? I use neither. So no, secure boot and TPMs are not "designed for DRM and not to protect you, the user". The fact that some garbage companies have figured out how to use some of these features to harm consumers is another matter but so can millions of other things. Choose the companies you work with well, garbage gonna garbage.
Like I said, just take a look at Android. If you don't have an approved ROM you cannot use banking apps. Or Netflix. Or play most gacha games.
Riot Games's anti-cheat for Valorant will already not let you play if you don't have a TPM and Secure Boot enabled, and I'm pretty sure you need to have factory (Microsoft) keys for it to work.
Google has recently backtracked on their WEI API proposal which would give websites access to TPM remote attestation, but it will be back once people cool off. Once it's released you can count on every website with ads (like YouTube) to slap it on just to ensure you don't block them.
The list of things you cannot do on your Linux box will just keep increasing over time.
They stay unprofitable forever individually but they stay on YouTube instead of making another video site popular, which on the whole is better for YouTube.
But that isn't an as big deal as it sounds. Many use TikTok for example, but TikTok barely pays anything to creators so anyone who gets big on TikTok moves to YouTube to make money. As long as you make the most money at YouTube that will keep happening, and all those ads is why people make so much money making videos on YouTube.
This leads to an Apple situation where Apple doesn't have the most users but most of the money goes to them since they can extract much more money per user. It isn't a bad situation to be in.
I would agree with that if most of the costs of YouTube were paying the creators, but my guess is they're not. If YouTube gives, for example, Vimeo the chance to become big enough and they just happen to be more efficient than YouTube and also decide to pay the creators just a little bit more than YouTube, isn't it even a tiny bit reasonable that maybe Vimeo could gradually replace YouTube in the future?
Of course Vimeo would have to fight off adblockers too to compete in money extraction with YouTube but that's not my point, my point is that YouTube now has a monopoly and any actions that threaten that, such as strongarming people into watching 3 preroll unskippable ads, are in my opinion silly and self-defeating.
They're just too greedy. If they made the price of YouTube Premium something reasonable ($1 or $2 a month instead of $14 or whatever it is) they would get a lot more subscribers and probably even get more revenue. $1 or $2 is not worth spending even 10 minutes digging in obfuscated JavaScript to fix an adblocker, so this whole thing would go a lot smoother for them if they charged that. Even if $14 is not a lot people just don't want to pay that much.
