Hacker News | kovek's comments

What if we asked users if they want extra protection? I think that would be nice..

This is the status quo. APK installation is disabled by default, and there is a warning when you go to enable it.

It's not just the status quo, it's a nightmare to enable. Somehow between Google Play Advanced Protection and Google Account Advanced Protection I have to resort to several reboots and adb + USB debugging sideload to get an app loaded. @.@

The point is "a warning" is not enough to communicate to people the gravity of what they are doing.

It is not enough to write "be careful" on a bag you get from a pharmacy... certain medications require you to both have a prescription, and also to have a conversation with a pharmacist because of how dangerous the decisions the consumer makes can be.

Normal human beings can be very dumb. It's entirely reasonable to expect society to try to protect them at some level.


OK so make the warning more annoying. Have a security quiz. Cooldown period of one day to enable. Require unlock via adb connected to laptop.

There are alternative solutions if the true goal is maintaining user freedom while protecting dumb users. But that is not the true goal of the upcoming changes.


> Require unlock via adb connected to laptop.

Fine, just:

- Don't reset it every 5 days / 5 hours / 5dBm blip in Wi-Fi strength, because this pretty much defeats end-user automation, whether persistent or event-driven. This is the current situation with "Wireless Debugging", otherwise cool trick for "rootless root", if it only didn't require being connected to Wi-Fi (and not just a Wi-Fi, but the same AP, breaking when device roams in multi-AP networks).

- Don't announce the fact that this is on to everyone. Many commercial vendors, including those who shouldn't and those who have no business caring, are very interested in knowing whether your device is running with debugging features enabled, and if so, deny service.

Unfortunately, in a SaaS world it's the service providers that have all the leverage - if they don't like your device, they can always refuse service. Increasingly many do.


Would that satisfy most commenters here?

Prediction: Android will roll out a flow for “experienced users” that they promised in November with “in the coming months” (https://android-developers.googleblog.com/2025/11/android-de...), which will allow “experienced users to accept the risks of installing software that isn't verified”. And even then people will still complain Google is being too controlling by making the warnings too scary / the process too onerous, etc. (I don't expect installing apps from source via adb connected to laptop to go away!)


Sure, but I don't think decreasing chances of scam-by-app on Android by some minuscule amount is in any way comparable to prescription drugs.

I do? It's a trivially comparable thing? I'm not even talking about ALL prescription drugs. I'm talking about the fact that some have interactions that can kill you. Having "life savings gone" consequences from a random app install is that level of danger.

A non-trivial number of people should probably have to go see a specialist before being able to unlock sideloading in my opinion... which means we probably all would have to. It's annoying, but I actually care about other people.


I have a hard time with this because it's the world we've lived in forever. Everyone knows installing an "app" installs an executable.

Doesn't Android require a specific permission to be user-accepted for an installed app to read notifications? I think it's separate from the post-notifications permission.

This seems to be an issue of user literacy. If so, doesn't it make more sense for a user to have the option to opt into "I'm tech illiterate, please protect me" than destroy open computing as we know it?


This. Just like how when you start playing a hard esoteric game like an RTS or MOBA, they ask you what your degree of comfort/experience with the genre is to avoid making a pro player go through the tutorial and vice versa.

In an ideal world where governments and corporations weren't trying to lock us into a closed system for massive surveillance and control, during the installation/setup of a mobile phone should be a question about tech literacy and protection. Selecting any option that isn't "I'm tech illiterate, please protect me" should be very annoying. There should be many warnings in uppercase bold red letters telling the user it can be dangerous and listing those dangers. But if I'm a developer and want to patch my kernel or modify the system as I please, I should be able to do so. If I want to install a malware app in a burner phone to study its behavior (or just for fun) I should be able to do so.

There would probably be one or two grandmas that would still somehow choose the pro hacker mode and get scammed down the line, but I think that minuscule amount of harm done is very much preferable to closing out *literally everyone else* from using the devices THEY BOUGHT.


You can add 5 layers of "are you sure you want to do this unsafe thing" and it just adds 5 easy steps to the scam where they say "agree to the annoying popup"

You could even make this an installation-time option. If you want to enable the switch afterwards, you have to do a factory reset. Then, the attackers convincing the victims would get nothing.

Or make sideloading available only after 24 hours since enabling it. I would enable it on my new devices and wait 24 hours before installing F-Droid and other apps. Not a problem. Scammers might wait one day too but it decreases the chances of success because friends and family members can interfere.

But I'm afraid that this is security theater and the true goal is to protect revenues by making it hard or impossible to install apps that impact Alphabet's bottom line (e.g. third-party YouTube clients).


> But I'm afraid that this is security theater and the true goal is to protect revenues by making it hard or impossible to install apps that impact Alphabet's bottom line (e.g. third-party YouTube clients).

It's not just them. Every other SaaS, from banks to media providers to E2EE[0] chat clients to random apps whose makers feel insecure, or are obsessed with security [theater] best practices, just salivate at the thought of being able to check if you're a deviant running with root or debugging privileges, all because ${complex web of excuses that often sound plausible if you don't look too closely}. There's a huge demand for device attestation, remote or otherwise.

--

[0] - End-to-end Enshittified.


In the case of most of those businesses it's only because they must mark checkboxes on a regulation compliance sheet and/or deflect blame on someone else. The problem is that this is a never-ending spiral of regulation after regulation and new ways to deflect blame so after device attestation will fail to solve all of their problems they'll end up pushing something else.

And now if I want to send a .apk to someone, they have to wipe their entire phone to install it? No thanks.

That's... brilliant. Enough work to not be able to talk it through over the phone to someone not technical. A sane default for people who don't know about security. And a simple enough procedure for the technically minded and brave.

It solves the 'smartest bear / dumbest human' overlap design concern in this situation.


Think about it the way you think about reading the fine print on agreements you sign. These can also have bad consequences.

But I guess not reading the TOS is another wide problem, also fueled by companies like Google.


then make the unlock cost money

relatively easy for devs, but hard to scale for scammers


It's either that or as suggested, hard require developer validation for specific API permissions.

It is unreasonable to require a payment for people to use their own phone the way they want

They are already buying a locked down phone most of the time. And they already want this! (Unfortunately the bootloaders are locked, as far as I know.)

Developers want developer phones, non-developers want safe phones that are resistant to their and their shitty bank's goddamn fucking stupidity. (Because banks' UX is so so so so bad that most of the time the phishing attack seems like just a normal part of the bank's UX.)

But it's hard to separate people on a webshop, if a shop runs out of non-developer phones they'll happily sell the developer phones to non-developers.


For the tech docs writing, just give me the bullet points and I'll send them to the AI and discuss the bullet points with it.

It's more like, here's 80 pages of too much information, just give me the API in a tight section here, with an architectural overview.

Usually these tools are used to compress, not fluff.


Honestly, I'd rather just read the bullet points, especially if it gives people more opportunities to lay out hierarchical structure.

I was thinking about the ability of representing different kinds of numbers. Imagine that we had a certain CPU that could process algorithms, and the final output of the algorithm is a number. The CPU has a certain number of operations (At least https://en.wikipedia.org/wiki/One-instruction_set_computer). Then, if the algorithm can be described with an integer (since the algorithm can be described with binary), then... can integers describe Real numbers?

What is there to be furious about?

Managers will be starting to ask for claws in the development flow, claws for automation, etc. Another flashy trend everyone will have to endure because an influencer is hyping the tech. It happened in 2024/2025. Every manager demanding use of "vibe coding", because they bought the lie that is what everyone is doing and is the best thing since sliced bread and whatnot. Karpathy comes up with a new shit to hype, and everyone will jump on the bandwagon. It's exhausting. It's like when there was a new frontend framework every single month and everyone just following the trend. Backbone is good enough. Then Vue. Then react. Then angular. Then svelte. Then SolidJs. Then Astro. Probably now everyone and their mothers will try to come with another abstraction layer on top of llms, then on top of agents, then on top of claws. Like I said, it's exhausting and the ROI of jumping every single fucking trend is becoming really hard to see.

You put this in much better words than I obviously could!

Stop taking work so seriously. You're getting paid to deal with other people's nonsense, and if you're in tech you're getting paid better than most to deal with less than most. The next time you're about to have a cry session about your meanie boss asking you to use AI, try to remember that you're allowed to walk straight out the door, without so much as two weeks notice if the request is really so offensive to you. You can get a job flipping burgers instead, lots of people make ends meet with jobs like that. And instead of your boss asking you to use a claw or some other silly AI thing, maybe he'll ask you to clean up the diarrhea some degenerate sprayed on the bathroom walls. A little perspective for you. If you want to learn what the word "exhausting" really means, quit tech.

> You're getting paid to deal with other people's nonsense, and if you're in tech you're getting paid better than most to deal with less than most.

The problem is that you are paid for two things that are often contradictory to each other

1. writing good code

2. dealing with other people's nonsense

Many good coders really care about 1, so of course they are complaining.

---

Concerning the argument that tech pays so well: this is very US-specific; in many other countries working in tech is rather some job that may pay the bills, but not more. So people who work there often do it because they are insanely passionate about programming.

This again, as I already outlined above, means that they really care about good code, and if "other people's nonsense" means sacrificing this, it will make the respective employees really furious.


This is ironic in the context of Dang’s opening comment on this sub tree.

This framing sucks. "I'm unhappy with the job I put years into honing my skills for, but since I make decent money I should shut up even when things are happening that I don't like." And as if "flipping burgers" is the only alternative.

Fuck. Thanks for the reality check. Sometimes this cozy job makes me lose perspective. Damn I feel stupid right now.

Well said. Remember MCPs?

I don't.


I think that semantically this question is too similar to the car wash one. Changing subjects from car to elephant and car wash to creek does not change the fact that they are subjects. The embeddings will be similar in that dimension.


I understand. But isn't it a sign of "smarts" that one can generalize from analogous tasks?


Sure it is, but it's a different set of smarts than the kind of gotcha logic puzzle trying to be tested with the car wash question.


My gut says you’re right, but I don’t know if this is indeed true. It might be the same thing.


Every word and every hierarchy of words in natural language is understood by LLMs as embeddings (vectors).

Each vector has many many dimensions, and when we train the LLMs, their internal understanding of those vectors sees all sorts of dimensions. A simple way to visualize this is a word's vector being <1, 180, 1, 3, ... > which would all mean a certain value at that dimension. In this example say the dimensions are <gender, height in cm, kindness, social title/job, ...> . In this case, our example LLM could have learned that the example I gave is <Woman, 180, 100% kind, politician, ... >. The vectors undergo some transformation so every dimension is not that discretely clear cut.

In this case, elephant and car both semantically look very similar to vehicles. They basically would have most vectors very similar.

See this article. It shows that once you train an LLM, and you assign an embedding vector for each token, then you can see how the LLM can distinguish the difference between king and queen: man and woman.

https://informatics.ed.ac.uk/news-events/news/news-archive/k...


LLMs are great at knowledge transfer, the real question is how well can they demonstrate intelligence with "unknown unknown" types of questions. This model has the benefit of being released after that issue became public knowledge, so it's hard to know how it would've performed pre-hoc.

There's a long delay ("knowledge cutoff") in model training, so it probably hasn't seen the question before.

Does https://happy.engineering/ need to use the API keys or can use oauth? It's basically a frontend for claude-cli.


It doesn't even touch auth right?

""" Usage policy

Acceptable use Claude Code usage is subject to the Anthropic Usage Policy. Advertised usage limits for Pro and Max plans assume ordinary, individual usage of Claude Code and the Agent SDK """

That tool clearly falls under ordinary individual use of Claude code. https://yepanywhere.com/ is another such tool. Perfectly ordinary individual usage.

https://yepanywhere.com/sdk-auth-clarification.html

The TOS are confusing because just below that section it talks about authentication/credential use. If an app starts reading api keys / credentials, that starts falling into territory where they want a hard line no.


If it's a wrapper that invokes the `claude` binary then I believe it's fine.


Is there a way to legally or even practically prevent this? `claude` CLI execution in a shell is certainly included in the subscription - it’s the product.


Practically; yes. MMOs have been doing this kind of thing (Preventing alteration / automation of the client) for ages now.


I think railway deserves a mention here: https://docs.railway.com/ai/mcp-server


Railway is awesome! Pretty different use cases though - Railway's MCP is for deploying and managing persistent services (git-push-to-deploy). CloudRouter is about ephemeral sandboxes: the agent spins up a throwaway VM, does its work, and tears it down.

We are definitely inspired by Railway though!


All of those technologies of the past can be managed by humans. Once computers can manage themselves AND other technologies and people, I think it'll be a different situation.


https://happy.engineering/ says that they have E2E encryption. Is that true?


Yes, they have E2EE, but it comes with some limitations in the features they're able to provide.


Like what? I like it a lot...


Replying to your latest comment here:

> What do you mean by syncing? Happy coder syncs sessions between all my happy coder clients. I can even see in real time how happy coder in my browser's conversations progress as well as on my phone, in parallel.

Omnara also displays realtime conversations between all Omnara clients. What I mean by syncing is syncing your conversation and code changes to a cloud sandbox, which is useful if you're using Omnara on your laptop and you close your computer (as explained in the original post). If you run your agents on a persistent cloud VM, then this is less of a value add.

> I can voice chat with Happy coder.

We use https://docs.livekit.io/agents/ which runs the voice agent in the cloud (to enable the above use case, and a better experience when you're using your phone when it's off), whereas I believe happy runs a client-side voice agent.


Thanks for answering my questions! I see that Happy Coder is not far from Omnara. I hope Omnara can be not too far from E2E encryption. The lack of E2E encryption was why I didn't choose Omnara.


Two of the main features we're investing heavily into are remote sandboxes + syncing, and voice agent support, wouldn't work with E2EE.


I can voice chat with Happy coder. Also, I run happy coder in a sandbox of mine on my computer. What do you mean by syncing? Happy coder syncs sessions between all my happy coder clients. I can even see in real time how happy coder in my browser's conversations progress as well as on my phone, in parallel.


Happy is abandonware, unfortunately. It's a great app and dev can capitalize a lot from it but for some reason he hasn't been seen or heard in months since the last release.

There are attempts to create a fork maintained by other developers, but they're yet to be launched.


I know people who don't speak English fluently who like to use LLMs to translate to English.

