BuoyantCitrus

My Keychron Q11 showed up recently and I've been super happy with it. Main reason was that my Noppoo Choc Mini finally lost a switch and I don't have any on hand (nor a soldering iron ...yet) but it turns out I actually really wanted the pair of rotary encoders on this and didn't even realise.

Specifically, I've got it bound to Ctrl-PgUp/PgDown so I can scroll through my tabs with it and close them with a click binding to Ctrl-W and that's working out really well.

Anyone else use the knobs like that? I've got the other one set to volume and the vendor had zoom as a suggestion but I wonder what else people do with these?

Bonus newb Q: On the product page they demonstrate binding Ctrl-+ zooming to the encoder via a macro but neither macro13 nor the {KC_LCTL,KC-W} type syntax would let me click "Confirm" when trying to associate it to the knob in Via (eg. it wouldn't let me follow their example). Luckily it was happy with the alternative of LCTL(KC_W) that I stumbled on somewhere but now I wonder how to properly associate a macro to a knob?

cross-posted from: https://lemmy.ca/post/1926125

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?