<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>As an example, I need the Skype client on my phone because of groups I’m involved in. Skype doesn’t work without Play Services on Android. I even tried the Amazon Appstore version which was very out of date, and it wouldn’t work with modern security features enabled like 2FA on my Microsoft account. (Skype accounts without this are getting hacked left and right lately, my older abandoned Skype account was hacked this weekend.)</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A couple authenticators I use like for Steam and Battle.net are also only available through the Play Store. I tried working around Android’s Google dependence for about a year, before I gave up on it and bought a cheap used Windows device.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Of course, Microsoft has nothing new that works on Verizon, neither Ubuntu nor Tizen seems to be looking at Verizon any time soon. So I'm not sure what I'm going to do when this phone stops being supported. Can't stand the iPhone, but as long as Google has market capture, it may end up my only choice. Suffice to say, I'm rooting for the EU Competition Commission big time this month to set an example for the rest of the world to follow.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Jacob Weisz</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Sent from my Windows 10 phone</p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:orblivion@gmail.com">Dan Krol</a><br><b>Sent: </b>Tuesday, November 8, 2016 7:14 PM<br><b>To: </b><a href="mailto:jcampbell@gnome.org">Jim Campbell</a><br><b>Cc: </b><a href="mailto:discuss@lists.chicagolug.org">chicagolug</a><br><b>Subject: </b>Re: [chiglug] Thoughts on Android variants? (In particular,Copperhead OS?)</p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'>Re: cow - that's pathetic.</p></div><p class=MsoNormal>Jake: Well, what about Cyanogenmod or Copperhead OS? I have Cyanogenmod for now, no Google apps/services. (well, Chatsecure connects to my gmail chat account, if you count that.) But all my applications come from F-Droid.<br><br>For the few things where I want proprietary software... I actually just got another cheap phone with actual Android, hooked it up to a dummy Google account.</p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Tue, Nov 8, 2016 at 10:54 AM, Jim Campbell <<a href="mailto:jcampbell@gnome.org" target="_blank">jcampbell@gnome.org</a>> wrote:</p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p class=MsoNormal style='margin-left:4.8pt'>That is not very cool. Best case scenario for an easily exploitable (not by me, though) root privileges bug - 2 months for a fix. Worst case (and the actual case for most of humanity who own an Android phone) never fixed.</p></div><div><div><p class=MsoNormal style='margin-left:4.8pt'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:4.8pt'>On Tue, Nov 8, 2016 at 8:58 AM sten <<a href="mailto:me@sud0.com" target="_blank">me@sud0.com</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:9.6pt'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:9.6pt'>On Mon, Nov 7, 2016, 15:24 Jim Campbell <<a href="mailto:jcampbell@gnome.org" target="_blank">jcampbell@gnome.org</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='margin-left:.2in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.2in'>It also makes me sad about all of the Android devices out there that are now basically insecure, and will never have any hope of being secure. If even your best device (i.e., Nexus / Pixel) can go unpatched against a well-known vulnerability (Dirty Cow) for about a month, that's not good. I thought this article does a good job in explaining many of the background issues around Copperhead and Android: <a href="http://arstechnica.com/security/2016/08/copperhead-os-fix-android-security/" target="_blank">http://arstechnica.com/security/2016/08/copperhead-os-fix-android-security/</a></p></div></div></blockquote></div><div><p class=MsoNormal style='margin-left:9.6pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:9.6pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:9.6pt'>Looks like the Dirty Cow saga will continue for at least another month:</p></div><div><p class=MsoNormal style='margin-left:9.6pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:9.6pt'><a href="http://arstechnica.com/security/2016/11/fix-for-critical-android-rooting-bug-is-a-no-show-in-november-patch-release/" target="_blank">http://arstechnica.com/security/2016/11/fix-for-critical-android-rooting-bug-is-a-no-show-in-november-patch-release/</a></p></div></blockquote></div></div></div></blockquote></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>