That is a critical observation. Last time I had to root an Android device it hat pretty robust defenses like dm-verity and strict SELinux policies (correctly configured) and then everything collapsed because the system loaded a exfat kernel module from an unverified filesystem.

Permitting user-loaded kernel modules effectively invalidates all other security measures.

I'm quite surprised to learn that Android allows this

What’s the alternative—locking down all legitimate users and still losing the data anyway?

Network controls alone don’t stop exfiltration. HDMI/DP can move data faster than most consumer NICs. Does the system account for that scenario?

It's a matter of layers. Banning VPNs isn't a perfect measure. But it makes it a lot easier than when you let everyone cowboy around.

Same with RBAC. It's not perfect because some people need legit access to stuff and it can be abused. But it makes it much harder for bad actors.

> Network controls alone don’t stop exfiltration.

Stop signs alone don't stop all traffic accidents.

What is not only true for police but for every sufficiently big group of people.

Cops do have some unique tendencies but I think the real issue is the cops are able to leverage the power of the government in ways other large groups cannot.

The problem with police is a) that police have to deal with bad people and it is very hard to stay untainted when you constantly deal with bad people, and b) being a cop is no longer a desirable or rewarding job which not only causes applicant pool issues but also polarises the job and police force itself. Then the nature of polarisation is that it is self reinforcing. So if your job isn't rewarding financially or socially, the "perks" must come from somewhere and so it attracts people who seek to abuse power etc

> So if your job isn't rewarding financially

I don't know where you are, but some of the highest paid public employees in my state are police. In fact, median salaries for cops are higher than those of software engineers.

Add the fact that they get generous pensions + benefits, and can retire at 45 and draw from that pension until they die, they have it better than most of the people they police.

It's one of the only professions where you can make north of $250k+ a year doing overtime by sitting in your car playing Candy Crush all night.

I believe strongly that people have zero problem paying their knuckle dragging police fuckwad of the day $150k if they would actually do the job they signed up for. It’s the fact that 99% of them can’t handle it that pisses people off

I don’t agree that police isn’t attractive or rewarding, the salaries have gone up and requirements reduced (college degree requirements in places for example)

Come with a pension and active lifestyle with a club(FoP) and a union in some positions, its ostensibly public service and you get to much more than peek behind the curtain.

Personally, I feel both ways about cops writ large. I feel like we could do a lot better really easily(mandatory body cam recordings please? Our guys literally just take them off.), and on the other hand I get it, they’re doing important work often enough.

Could you please stop that? First it is not true. "Open Source" has nothing to do with the "Open Source Initiative" it existed long before. Second you are making people keep their source closed (not available) which is not a good thing.

I think mandatory S/MIME without user-friendly key management would either be reverted pretty soon or it would kill Gmail.

Google would have to build some kind of Let's Encrypt for S/MIME before they turned on the encouragement.

I think he would attempting a landing despite the issue in most cases because running out of fuel during go-around would be worse.

Too late, switched to DBeaver Community some months ago and it works too well for me to switch back again.

Maybe because xen is a type 1 hypervisor in its original meaning and all the other ones are type 2? (yes, ESX(i) doesn't use linux but it also brings its own os on which it runs on top)

And debug many tools which still ignore the fact that malloc could fail.