The outcome was already predetermined when the legislation was passed, and the report is being written with that in mind. The report basically has to push it forwards. If this had been done by the ALRC it would have looked quite different.

Your work computer likely contains personally identifiable information. Microsoft very likely has a significant profile on what you do at work and could conceivably link that to your other identities outside of work.

Are they actually doing that? It’s hard to say. Microsoft does have relationships with data brokers like Snowflake Inc. and SCUBA plus its own internal capabilities like Xandr Inc.

Cross pollination is more than possible when employees use personsal devices to login to work accounts. Most of the people that I work with login to Slack on their personal device using Microsoft Entra SSO.

My previous job, yes! A few people had that fight years before I started and won. It was decided on the basis that we’re Linux sysadmins who already operate a sizeable fleet of Linux systems and running our own desktops would be beneficial and self-supported.

Sadly my current employer doesn’t share this view. We used a crippled Linux desktop through Apache Guacamole which is a bit average to say the least. I have to put up with the constant bullshit that is Windows and all of its ads, news headlines and trash that I don’t want on my computer at work. I hate it but I have very little influence in that space.

Will Signal block Australian IP addresses, or nix accounts that have a +61 phone number? I’d assume the former but if Signal and other social media platforms go for the latter it will be painful for Australian netizens.

I wonder if they’re planning road diets on the surface. Maybe some bike lanes, bus lanes and wider footpaths.

(For the record I highly doubt that, but if such a wasteful project were to go ahead that would be the best concession IMO).

yggmail specifically, probably not. yggdrasil uses TCP/IP and the Meshtastic latencies to perform connections would be too high AFAIK. It would probably only work in a fairly well-connected network. yggdrasil could be used directly over a WiFi protocol but it would need fairly good reception to function.

N.B. I haven’texperimented with this myself.

yggmail is a fairly obscure and experimental take on email on a mesh network: https://github.com/neilalexander/yggmail

https://forums.debian.net/ exists for Debian

Graphene shills have been banging on this point for donkey’s ages. Reality is that many people use phones that are out of OEM support and many OEM ROMs are bundled with questionable software (Oppo, Samsung etc.) There are some decent criticisms to be made about LineageOS, but others to be made about Grapheme, like its Google-suggestive configurations, which is quite bad for security and privacy. Graphene says this is all optional and not part of the OS, but doesn’t include any equivalent F-Droid installer.

My original reply to the OP’s question, thoughts and experiences with GrapheneOS, was along the lines of “I think GrapheneOS is Google-centric” and you disagreed saying that GrapheneOS was a “blank slate”. Honestly I think you’re being a bit defensive and maybe a little gaslighty which is why I downvoted.

GrapheneOS provides fairly prominent links to a Google Play installer or the relatively obscure Aurora Store. The Aurora Store client app is FOSS but the store is quite literally a proxy for the Google Play Store. The apps in the screenshots on Ausora Store’s homepage are mostly apps that use or require Google Play Services. This is all very Google-centric.

If Google Play wasn’t an important part of GrapheneOS, it could just not contain a prominent link to the Google Play installer. Or it could contain a link to install a fairly prominent app store that offers an ecosystem outside of Google Play. But it exclusively steers users to the Google Play ecosystem as a part of the default, packaged experience, hence my original reply to the OP.

But it is Google Play-centric. There is an option to install Google Play. There is not an option to install other app stores like F-Droid, unlike some of the other AOSP clones.

Screenshot for you. Google is explicitly linked to for easy setup. F-Droid is not. “There is nothing” is simply disingenuous.

I use GrapheneOS but I don’t like how Google Play-centric it is. It is geared towards people installing their “normal” apps with the GrapheneOS special sauce sandboxing. No F-Droid by default where all of the FOSS apps are.

PSA: if your financial institution/government/<other website> is using SMS codes (aka PSTN MFA) for multi-factor authentication they are practically worthless against a determined attacker who can use SIM swap or an SS7 attack to obtain the code. Basically you are secured by a single factor, your password. If your password is compromised it may be sold via black hat marketplaces and purchased by an attacker who would then likely attempt to break that second factor.

The best way to protect yourself is to use a unique password; a password manager especially helps with this. Sometimes institutions will offer “Authenticator” (TOTP) as a second factor, or PassKey authentication, both secure alternatives to SMS codes.

Here in Aus I’m working with Electronic Frontiers Australia to try and force some change within government and financial institutions (via the financial regulator). Most banks here use SMS codes and occasionally offer a proprietary app. One of the well-known international banks, ING Bank, even uses a 4 pin code to login to their online banking portal. 😖

Unfortunately SMS codes are a legacy left from old technology and a lack of understanding or resourcing by organisations that implement it. Authenticator/TOTP tokens have been around for 16 years (and standardised for 13 years), and PassKeys are relatively newer. There is a learning curve but at the very least every organisation should at least provide either TOTP or PassKeys as an option for security-minded users.

Yeah it is a bit of a pain. I currently only have a few users. Tooling-wise there are ways to tail the journals (if you’re using journalctl) and collate them but I haven’t gotten around to doing this myself yet.

That’s probably a fair point. I can’t say too much as I haven’t touched Windows desktop or server too much.

Could be apples vs oranges here though as we’re talking about getting started versus well established setup, but my current employer is looking at adopting Ansible + Packer for imaging and partially Ansible-managing Windows servers where it makes sense because of limitations in SCCM and GPO. As far as I can see across the divide Windows Server isn’t all smooth sailing.

I can’t say I’ve managed Linux desktops at scale (so technically I should leave it there) but I do manage several hundred Linux VMs with Ansible, and I manage all of my PCs with Ansible. Desktops are a different ballgame to servers, dealing with end users and all, but I still don’t think it would be that hard once it’s been set up.

That sucks :( I’m pretty much in the same boat. I get to use a Linux desktop at work on the proviso that I don’t raise support requests. We use Microsoft for nearly everything so naturally it’s an uphill battle. The web UI is quite buggy and “not recommended” by my org. Teams doesn’t support Firefox so I have to run a separate browser especially for it.

But aside from interfacing with Microsoft everything just works, and really nicely.

That’s awesome - great to hear about Linux desktops bring used by non-techies especially in a company.

How was it received out of interest?

At work we use separate clusters for various things. We built an Ansible collection to manage the lot so it’s not too much overhead.

For home use I skipped K8s and went to rootless Quadlet manifests. Each quadlet is in a separate non-root user with lingering enabled to reduce exposure from a container breakout.