Hans-Christoph Steiner @eighthave@librem.one

There are so often scary headlines talking about aging populations and declining birth rates. For example: https://www.politico.eu/article/italy-birth-rates-coronavirus-pandemic/

This is actually good news on a number of fronts: people can freely choose children or not; the #climate needs fewer people living high-impact, developed-world lifestyles; and historically, shrinking populations give more power to the masses. Productivity is still growing, so the economies will be fine. For a real world example, see Japan's declining population.

I think I found the answer in this error message:

Unable to strip library '/builds/eighthave/torservices/app/build/intermediates/merged_native_libs/release/out/lib/x86/libtor.so' due to missing strip tool for ABI 'X86'. Packaging it as is.

If the binaries on Maven Central include debug symbols, then stripping them while assembling the APK will change them. I wonder what the right thing to do is here? Ship stripped binaries? Require stripping in the APK build? Disable stripping?

If anyone is looking for a #ReproducibleBuilds #Java / #Android project to hack around with, jtorctl now builds with #Gradle (from gradle.org or #Debian), #Maven, and #Bazel with sketches of Ant. The idea is that if all the build tools make the same JAR, no need to trust the build tool.

https://GitLab.com/eighthave/jtorctl or https://GitHub.com/eighthave/jtorctl

Another bit for the annals of #ReproducibleBuilds: the new TorServices app is reproducible across a couple machines. It uses a reproducible libtor.so binary from a Maven Central artifact, which is pinned by SHA-256 using Gradle Dependency Verification. I built TorServices on yet another box, and this time, it had diffs in the libtor.so. WTF, how is that possible? It just had to copy the libtor.so from AAR to APK. I guess it could have been a glitch in that computer, or hacked test build box.

Just finishing up the first release of a new #Tor provider app called TorServices. It is meant as a stripped down, Android-native system service. It is built on the new Android-native TorService, which can also be embedded into apps.

Get nightly builds here:
https://gitlab.com/guardianproject/torservices-nightly

The core service is available at https://gitlab.com/guardianproject/tor-android

@Bubu as much as I agree that Cellebrite is a shady company, forensic extraction like what Cellebrite does is also central to catching corrupt politicians, CEOs, human traffickers, etc.

Looks like the UK has also exported basically zero vaccine.

It looks like there is a lot of wiggle room in these exceptions: https://developer.android.com/training/package-visibility/automatic

I just thought of a potential limitation of #Android's new QUERY_ALL_PACKAGES permission that might make it almost pointless: apps can create an Intent and query for which apps respond to that Intent.
It seems like with a small set of Intents, you could effectively query for the vast majority of the apps. Can anyone confirm this?

If so, it seems like they've created the INTERNET permission again, as in a permission that only restricts good actors, and bad actors can easily circumvent it.

If you think the #EU #Vaccination rates are "bad", consider that the US banned vaccine exports, while the EU is exporting half of what it produces. The rest of the world matters too, even if you look at it from a point of view of self-interest.