pressenza.com/it/2025/01/carra…
Carrara avrà una statua dedicata a Che Guevara, la prima in Italia si spiega dal Comune dove stamani l’opera è stata presentata. L’inaugurazione il 31 gennaio: la scultura, intitolata ‘El Che’, sarà collocata sulla scalinata del Baluardo, in una delle…
Redazione Toscana
Carrara, la prima statua dedicata a Che Guevara in Italia
Carrara avrà una statua dedicata a Che Guevara, la prima in Italia si spiega dal Comune dove stamani l'opera è stata presentata. L'inaugurazione il 31Redazione Toscana (Pressenza)
Yes!!! 🙌🏼
My latest video on Trump's attack on democracy has reached 1000 views.
The external viewers came from
— Mastodon: 52.2 percent
— Facebook: 19.4 percent
— Bluesky: 6.5 percent
You guys made this! ♥️🐘
Video: youtube.com/watch?v=xTIFRUpItn…
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
razzospaziale reshared this.
i watched using "yt-dlp", so probably it didn't count in views.
being privacy advocate, i avoid alphabet inc's services, and if i have to use them, i try use them in certain tools.
consider using joinpeertube.org/ . you have to pick server though.
does alphabet inc kiss orange dictator's hole like elon musk and mark ssuckerberg, i think google starts to push pro-trump garbage, maybe in your android device or chromium based browser.
What is PeerTube? | JoinPeerTube
A free software to take back control of your videos! With more than 600,000 hosted videos, viewed more than 70 millions times and 150,000 users, PeerTube is the decentralized free software alternative to videos platforms developed by FramasoftJoinPeerTube
Randahl Fink reshared this.
They have to find a way to create a second republic. This one is no longer a republic.
GitHub 2024 Year Review for Orange-OpenSource 
#GitHub #Orange #opensource #androiddev #iosdev #designsystem
github.com/Orange-OpenSource/f…
🎉 Orange-OpenSource GitHub Year 2024 review out! ✨ · Orange-OpenSource floss-toolbox · Discussion #187
2024 was a nice year fo open source at Orange! 💪 Here are some curated metrics and figures extracted thanks to our toolbox and GitHub API. Find attached the log with all the outputs. 🤩 Most famous ...GitHub
We're jazzed to announce that Kieran Healy (@kjhealy), sociology professor and longtime contributor to the data science community, will be a keynote speaker at posit::conf(2025)!
Kieran plans to discuss Honest Data Visualization. Today, the tools for honest science are better than ever, but it's also never been simpler to just make stuff up.
Sept 16-18 in Atlanta. pos.it/conf
#PositConf2025 #DataScience #OpenSource #Python #rstats #pydata
🥳 It's not too late to wish you a Happy New Year!
Here is a quick 2024 RetrOSPOctive.
👉 Full recap & 2025 plans: ospo-alliance.org/news/20250127_hny_retrospoctive/
How is #guix used as a #GNU #Linux #distro ?
System level packages are managed through #declarative configuration same as #nixos . User level packages using Guix Home.
Roughly 50% use guix home to manage their #dotfiles - big increase over hosted users.
40% to package their own #software - 36% for #isolated #development.
Lots of requests to deal with #dev dependencies (e.g. Python's requirements.txt) and languages like #rust #golang and #npm
See:
guix.gnu.org/en/blog/2025/guix…
Guix User and Contributor Survey 2024: The Results (part 2) — 2025 — Blog — GNU Guix
Blog posts about GNU Guix.guix.gnu.org
"Diaz is just one of many neo-nazis who are also people of color. While Black neo-nazis are rare, in comparison Latino neo-nazis are fairly common. Latin America itself is honeycombed with neo-nazi groups, and is just one of the many places around the world where they can be found.
This may seem counterintuitive, if not nonsensical, for those who think of neo-nazism as the most extreme form of white supremacy which seeks the extermination of people of color. But the history of National Socialism is far more complex than many think, and the history of non-white National Socialists stretches back nearly a century."
Source: unicornriot.ninja/2023/nazis-o…
Nazis of Color - UNICORN RIOT
In May 2023, when Mauricio Garcia killed eight people in an outlet mall in Allen, Texas, it seemed like just another senseless mass murder similar to innumerable school shootings.unicornriotuser (UNICORN RIOT)
🏃♀️ For this two-player session, Emma decided to run all over the place...
Personally, I prefer to have fun on the merry-go-round, as I accumulate a lot more fun! 🎉
🎮 studios.ptilouk.net/little-bra…
#LittleBrats #VideoGames #snippet #playground #school #recess #winter #splitscreen
Per chi si interessa di mercati finanziari oggi avrà letto del crollo dei listini tech per "colpa" di una robina di cui ho parlato qui:
mastodon.uno/@out/113882487789…
La cosa divertente è che questi ci hanno messo 2 mesi e 6 milioni di verdoni contro miliardi e anni, un po' come il ban del ciuffetto a Huawei per favorire Apple, il risultato è che a breve potranno costruirsi da soli i chip a 3nm.
Ottima scelta.
Ah, è open source.
Mi rendo conto che una IA (siamo ancora italici per quanto sudditi) cinese possa essere un rischio (è limitata) però piuttosto che ingrassare trumpettisti e lacchè vari tento la sorte: da giorni ho scaricato apk dal Playstore sul muletto di prova con account carciofone. Qui un po' di riferimenti:hdblog.it/business/articoli/n6…
github.com/deepseek-ai/DeepSee…
github.com/deepseek-ai/DeepSee…
GitHub - deepseek-ai/DeepSeek-V3
Contribute to deepseek-ai/DeepSeek-V3 development by creating an account on GitHub.GitHub
Good morning to readers; Kyiv remains in Ukrainian hands.
The Baltic has been tense since 2022 – its murky waters the setting to a new ‘hybrid warfare’ targeting undersea cables.
Lithuanian sailor Eric scans the horizon for suspicious activity, ever vigilant of new threats.
To read more about Lithuanian naval patrol work in a time of rising maritime tensions, read the issue through the link.
counteroffensive.news/p/shadow…
Shadowing Russian hybrid warfare ships in the Baltic Sea
The cutting of underway cables in Europe indicate a shadow war between Russia and NATO is already underway. We joined a Lithuanian naval patrol seeking to push back against Russia’s tricks.Theo Prouvost-Mauzé (The Counteroffensive with Tim Mak)
NEWS OF THE DAY:
TOP DEM SENATOR: DON’T TAKE EYES OFF MOLDOVA, ROMANIA: As violent as the war in Ukraine is, there are broader Russian threats that the United States needs to pay attention to, said Sen. Chris Coons, a senior Democrat on the Senate Foreign Relations Committee.
BELARUSIAN DICTATOR CLAIMS VICTORY FOR SEVENTH TIME: Lukashenko "secured" nearly 87 percent of the votes with a turnout of 85.7% in the presidential election.
kyivindependent.com/lukashenko…
Lukashenko declares himself 'winner' of Belarus’s presidential vote blasted as sham
Belarusian dictator Alexander Lukashenko declared himself president for his seventh consecutive term in an election internationally deemed as neither free nor fair.Sonya Bandouil (The Kyiv Independent)
N KOREAN SOLDIERS RETREAT: After suffering heavy losses, North Korean troops temporarily withdrew from the frontline in Russia, Sky News reports. The North Korean troops fear being captured and have been told to detonate grenades near themselves to avoid it.
news.sky.com/story/north-korea…
North Koreans 'blow themselves up with grenades rather than risk capture', say Ukraine soldiers
Interviews with several Ukrainian troops reveal North Korean troops they have encountered show an apparent initial lack of awareness about the threats from drones and artillery, as well as a refusal to be taken alive.Defence editor Deborah Haynes and producers Azad Safarov and Katy Scholes in northeast Ukraine (Sky News)
ISRAEL TRANSFERS WEAPONS TO UKRAINE: According to The Telegraph, it is likely that Israel has started transferring weapons to Ukraine that were seized by Israeli forces in the Gaza Strip and Lebanon.
telegraph.co.uk/world-news/202…
Israel 'sends weapons captured in Lebanon to Ukraine'
Around 60 per cent of weapons captured by Israel during the fight with Hezbollah were made by the Soviet Union and RussiaJames Kilner (The Telegraph)
HUNGARY READY TO SUPPORT THE EU IN EXTENDING SANCTIONS AGAINST RUSSIA: Budapest may abandon its plans to veto the extension of sanctions against Russia if the deal includes Hungary's concerns about its energy security.
politico.eu/newsletter/brussel…
Musk fuels far-right fears in Germany
Presented by Bayer By NICHOLAS VINOCUR PRESENTED BY Send tips here | Tweet @NicholasVinocur @swheaton @EddyWax | Listen to Playbook and view in your browser GREETINGS. This is Nick Vinocur. We’ll g…Nicholas Vinocur (POLITICO)
A post from the developer of WireGuard on the severe security flaws and lack of trustworthiness of F-Droid:
gitlab.com/fdroid/fdroiddata/-…
This led to them including a self-update system which was openly implemented and documented. F-Droid was unaware they'd shipped it for half a year, and by then WireGuard had essentially escaped from in their words being held hostage by F-Droid.
This was a rare case where an app used developer signing keys via their flawed reproducible builds system. Most don't.
wireguard inclusion policy violation (auto-updates w/o explicit user consent) (#3110) · Issues · F-Droid / Data · GitLab
Per https://f-droid.org/en/docs/Inclusion_Policy/ The software must not download additional executable binary files (e.g. addons, auto-updates, etc.) without explicit user consent....GitLab
B. reshared this.
F-Droid has incredibly poor security practices and a strong anti-security attitude held by most of the people involved. They've consistently engaged in coverups of vulnerabilities and targeting multiple security researchers with libel and harassment.
It's a massive single point of failure and not worthy of the trust many people are placing in it. It's adding another trusted party compared to using the apps built and signed by the developers. It is not avoiding trust in the developers of apps.
filobus reshared this.
The risks F-Droid excels in managing by being a curated app store is protection from scam and phishing apps.
I know of not a single case where a fake or scam app has been part of F-Droid, which makes it a lot easier to recommend.
Do you have any good alternative curated app store?
@sheogorath It's curated in the sense that they only have open source apps in it. They don't have any real standards beyond stuff being fully open source. The selection of apps is very arbitrary and tons of high quality modern apps are not included in it while tons of obsolete and insecure apps are included. Some apps which would be fine to use are not because they end up doing weird things like downgrading the dependencies
F-Droid has absolutely had fake/scam apps including of one of ours.
Regularly not shipping critical Firefox security patches for months is the norm for the main F-Droid repository. Whether or not they sign the apps themselves as they do for the vast majority of apps, updates can be indefinitely delayed based on issues with their outdated infrastructure or their Debian-style downstream patches needing to be updated.
For the small subset signed by the app developers, many kinds of disagreements between F-Droid and developers will mean an end to receiving updates.
You are not the only ones that struggle with f-droid. (There is an ongoing struggle to fix certificate pinning by f-droid by a former maintainer, which has neither been acknowledeg nor accepted).
But the question is: what alternatives are there? As far as i can tell, f-droid is the only large scale-repository of open source apps there is.
@newhinton F-Droid doesn't actually package as much of the open source Android app ecosystem as people think it does and a lot of what are packaged are obsolete, unmaintained apps instead of the many high quality ones which aren't in it.
F-Droid stands in the way of better solutions being developed and adopted. It existing is the problem. It stops a group of people who actually care about providing proper updates, security, etc. making something better.
B. reshared this.
I think you should stick to technical objective criticism. If you want to move to social science speculations then I reply that messages like this weakens your point.
The evil marketing department of F-Droid Inc. is preventing better alternatives to be known... no wait, no even *exist* because security experts feel defeated from the start. This is what your whining sounds like.
The reality? Those security experts just don't volunteer.
Oh come on, it's FOSS we are talking about, just fork or start your project. In fact I never said they should contribute to F-droid specifically if they don't want to.
@newhinton
I use Neo Store, but I'm not entirely sure if it is a valid alternative or just a reskin of sort of F-Droid.
There's Obtainium as well but that's a different beast entirely.
@newhinton There is a new project here accrescent.app/
I don't know much about it, can't verify anything, just heard about it
@Kulei @newhinton We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
Isn't Obtainium just worse than F-Droid? Considering that F-Droid atleast does some of the antivirus scanning and such. It's very difficult to verify whether an app is secure or private (even for people that trust aGPLv3 or just open-source apps intrinsically more than proprietary ones there is no guarantee of safety or privacy).
F-Droid still does better checks than something like Play Store, right?
> Isn't Obtainium just worse than F-Droid?
No, since it avoids added another trusted party which has proven to be highly untrustworthy.
> antivirus scanning
It's performative.
> F-Droid still does better checks than something like Play Store, right?
F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
> F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
Isn't it supposed to be possible to target older APIs even in current builds?
@lispi314 @Kulei I think they meant the target api that should always be the latest available, ideally.
In android you have targetSdk and minSdk.
I think minSdk can be as low as you want, but targetSdk should be always as high as possible.
This way the app is still up-to-date security-wise, even if it still works on older sdks.
If you have a targetSdk that is too low, you are likely pulling in security issues with those sdk's
While I appreciate bringing up the security concerns the existence of alternatives to #FDroid I do not think we have those when it comes to pure FOSS apps without the usual big corporate trackers/libs. #Accrescent lists a few apps and fails to provide relevant information about them (such as requested permissions). E.g. #Qlango includes multiple tracking libraries by #Meta / #Facebook and doesn't look like it is FOSS to any degree. Even while the #FDroid repo is not carefully curated I don't run into traps like these. 🤷
There is a need for a curated and maintained FOSS app repo and currently there is nobody but @fdroidorg providing it. #Obtainium, #Accrescent are mostly option for expert users who exactly know who to trust and what they are looking for. @Kulei @newhinton
@Kulei @newhinton What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
> What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
You can read about their requirements on their site. They have a system for tagging apps that's being implemented for marking which ones are open source, have reproducible builds, etc. If you only want to use it for open source apps, you'll be able to do that. Apps being open source does not mean other standards aren't relevant.
> F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
Apps with an ancient target API level aren't possible to fully automatically update. This is F-Droid warning that their automatic updates don't fully work due to not complying with that minimum target API expectations, not them adding a warning about target API level.
Well that's sad. Having to implement your own updater in every app is annoying when F-Droid can just do it from a bunch of repos. It would be nice if there were a simple generic solution that let you bootstrap a single updater app and then add repos.
For traditional UNIX systems, there's a big benefit in having a single repo, because you distribute a load of shared libraries and you want a consistent build of all dependencies. With Android / F-Droid, each app is totally independent (or depends on things via late-bound intents) and so there's no real benefit from the centralisation, other than needing to deal with people who have the kind of purist views that put off users.
@david_chisnall F-Droid isn't updated dependencies across apps and has even down downgrades of security critical dependencies which introduced security vulnerabilities to apps again.
Traditional Linux distribution repositories have been moving away from working that way though with packaging systems like Snap and Flatpak along with projects having dependencies done in a way they're not good at handling. Distributions aren't really capable of dealing with all the dependencies in practice.
I wouldn't put Go and node.js in the same category when it comes to dependency culture. Also, go build will put all dependencies in one binary.
Users may be tricked to install an app. E.g. imagine a cookie clicker game that opens an install prompt.
@ejim @david_chisnall GrapheneOS has been changing these interfaces for permissions, ADB key approval, etc. to have a 1 second delay before it can be approved to avoid this issue.
Either way, you already have the app installed so it can run arbitrary code. If it has network access it can download and run code or change the existing code's behavior based on our. Our dynamic code execution restrictions prevent running dynamic native code or loading classes with the Android Runtime, not all code.
Oh and btw
avg 4d 1h 49min 3s
max 1w 18h 51min 8s
min 22h 19min 51s
gitlab.com/ironfox-oss/IronFox…
Inclussion into official F-Droid? (#7) · Issues · IronFox OSS / IronFox · GitLab
Are there plans to include IronFox as part of the official F-Droid repo, as Mull was? Otherwise, perhaps on IzzyOnDroid repo, or lastly a custom IronFox one? Even...GitLab
fwiw, they do ship an app called FFUpdater, which, as far as its UI suggests, downloads the packages from Mozilla/Github. Updates are still manual, though does mostly cut out the F-Droid-in-the-middle.
We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
For apps that are signed by the npubs of the developers you know and trust, I understand it to be a better alternative. It will be amazing once all apps are signed by dev npubs.
AFAIK apps that at signed by ZapStore are requiring you to trust Zapstore's build processes, similar to Fdroid.
@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
Accrescent requires developers to log in with a github account not giving alternatives. So you basically need to agree to some st***d tos from a us big tech company to publish an app? This is a complete fail, so no alternative to fdroid, sorry.
@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a
@d4c97d420f3a70722da9c67245b2d9b3da75bf3d9b795e8f8b42c322c7f96593 @001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a
> Accrescent (from Graphene OS),
Accrescent is not from GrapheneOS. It's a third party project. We mirror it in our app store so people can obtain it securely and then use it to get apps like Molly with a chain of trust from GrapheneOS.
@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a @d4c97d420f3a70722da9c67245b2d9b3da75bf3d9b795e8f8b42c322c7f96593 Even first party app stores built into the OS can't bypass the standard package manager signing rules. The OS itself provides a strong Trust On First Use model through this.
Verifying the download for the initial install is what's left up to the way the app is being obtained. As an example, our App Store has signed metadata with a timestamp and hashes of the APKs.
When we are pointing out that harassing, did u tried to black mail them 🤭🤭
Its weird to read this by GraphenOs profile 🤣🤣🤣🤣
One of my fav comments under one random YouTube video-
“One of the inherent advantages of Open Source is that when a project needs new leadership, but the current leadership doesn't recognize that fact, the project can simply be forked, perpetuating the good idea and leaving the failed leaders to howl into the abyss until / unless they decide to grow up.”
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
@dalias @NebulaTide Play Store used to be a way to obtain developer builds of apps signed by the developers but has moved away from it and the code transparency system they provide isn't a complete solution to verifying what they generate and sign from the app bundles uploaded by developers.
For our own app repository, we don't want to build thousands of open source apps largely not aligned with our approach, especially without doing a pass updating dependencies and adding basic hardening.
@dalias @NebulaTide Accrescent is a project we recommend as an open source replacement for what the Play Store used to be but it's still in an early phase without a lot of apps. Makes sense to use it for the apps in it though.
It's a secure way to distribute developer builds where developers upload their releases. It's therefore not going to be a similar single point of failure, but it's also only going to exerting a small amount of influence on the app developers.
@dalias @NebulaTide F-Droid repeatedly not giving users Firefox updates for months because they have to slowly update their patches removing things they dislike is an example of how much of a disaster it ends up being. Users getting browser security updates is critical.
They've also had a long history of doing weird things like rolling back security critical dependencies compared to what apps use themselves. They do similar things for their own apps too to support ancient Android versions.
Yes, I think it's best to install apps from GitHub releases, and subscribe to GitHub releases of your apps to get notifications about new releases. But that only works for apps hosted on GitHub (GitLab should have similar functionality).
But your own tool to verify certificates sounds very interesting.
@tibs @dalias @NebulaTide According to F-Droid themselves, their Firefox fork uses services which track users. The telemetry they're disabling is not mandatory and it's as if they're trying to make the changes more invasive rather than doing the least invasive change possible. Some of their changes include adding bookmarks/links to the F-Droid site.
The only thing they truly consider a blocker to updates is removing the client side Google Play libraries which blocks their updates for months.
Maybe Mozilla could make a browser that is not riddled with telemetry and bad defaults, so the F-Droid team doesn't have to fix it.
What's your recommendation regarding @IzzyOnDroid and their reproducible builds approach?
Use this instead of f droid repo?
I think you're dismissing the important curation work of F-Droid.
Sure it's imperfect and security patches take too long, an additional intermediary etc.
But using Obtainium [edit: I was wrong about Accrescent] just leaves the users to their own devices installing any app, with zero oversight.
Far from ideal.
You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
> I think you're dismissing the important curation work of F-Droid.
They don't do important curation work. They do a very poor job with that and their changes have consistently introduced security vulnerabilities and broken apps.
> Sure it's imperfect and security patches take too long, an additional intermediary etc.
It's not only an extra intermediary but a group of people who have demonstrated themselves to be highly untrustworthy with underhanded malicious behavior and coverups.
> You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
They've done repeated coverups of security vulnerabilities including ones their own team discovered. They regularly refuse to fix serious security and other flaws. They've engaged in serial harassment towards security researchers, including but not limited to people involved in the GrapheneOS project. We're not insinuating.
We're warning our users away from putting themselves at risk through an unsafe platform with untrustworthy developers.
@jcast Accrescent has standards for the apps which are included and is going to include tags for filtering based on which apps are open source, have reproducible builds, etc.
github.com/accrescent/meta/iss…
It is in an early phase where it's not open to all developers submitting their applications yet and doesn't have a lot of applications. It is intended to provide an open source, secure and trustworthy alternative the Play Store not a small catered repository of apps they want to promote.
Support "open source" tag · Issue #25 · accrescent/meta
Developers should be able to request an "open source" label for their app after it has been published (we can add label requests to the draft creation process later on). This request should then be...GitHub
This looks as ugly for WireGuard than for F-Droid.
WireGuard current app on Izzy repo for F-Droid does not tell users where it's updating from, does not ask for consent and it's opt-out. So there were clearly not happy about letting users know.
Not to diss WireGuard which is course an awesome project.
A growing number of Izzy repo apps are reproducible builds.
You replied to my comment on Wireguard choosing very deliberately to hide background updates from users with an adhominem on Izzy.
Not taking his side, and understandably you have removed your trust from them, but this doesn't look good on you.
I've read Izzy's comments on several forums for many years now, and I never witnessed nothing but either praise or constructive criticism of GOS.
Your mileage might vary, but from my perspective it just sounds you're each fiercely defending your ground. GOS focusing on security and FDroid on the 4 freedoms.
Izzy regularly spreads misinformation about GrapheneOS and has participated in harassment towards our team. Call it what you want, doesn't change what it is.
GrapheneOS is a privacy project. No matter how many times you folks misrepresent what it is and falsely claim it cares about security over privacy and all the other misinformation.
I wasn't aware of that privacy vs. security controversy.
I'm in no way affiliated with FDroid and am seriously taking notes of your concerns and criticism.
I also appreciate your availability to communicate so transparently, and usually in a very mature way.
Just noting two things here: Wireguard opaque attitude, and you not replying to that concern.
Inclussion into official F-Droid? (#7) · Issues · IronFox OSS / IronFox · GitLab
Are there plans to include IronFox as part of the official F-Droid repo, as Mull was? Otherwise, perhaps on IzzyOnDroid repo, or lastly a custom IronFox one? Even...GitLab
You're replying to me as if I was defending Izzy.
I'm not, I see things got ugly.
But you're still choosing to go down the path of attacking him instead of replying to a legitimate concern about Wireguard's choices.
Sure that shows two things:
- FDroid review system is to say the least flawed.
- Given that the new WG version on Izzy's repo does not even prompt the user for opt-out bg updates, WG chooses to be opaque (edit: to users), which I find concerning.
In practical terms, this means WG installs from FDroid, using Izzy repo and updates in tje background without ever requesting user permission or producing a notification.
So it really sounds at this point you're purposedly misleading and obscuring this fact.
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
To clarify, I'm not using GOS, but another AOSP based OS.
Maybe GOS is more has more explicit permission model, but my issue is with WG, not GOS in any case.
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
to all of you asking what to use instead/how to install applications in the most secure way: youtube.com/watch?v=IAoCfrqxIE…
A very nice step-by-step explanation on what apps to use and how the sources hierarchy should look like
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.youtube.com
@37974f34f799d8d9930b0114a2b0b5d1fcd1a35011bb1f6ed5839800605b9b1d @d8f38b894b42f7008305cebf17b48925654f22b180c5861b81141f80ccf72848 grapheneos.social/@GrapheneOS/…
@d8f38b894b42f7008305cebf17b48925654f22b180c5861b81141f80ccf72848 Yes, for the apps available there. Note it's building an alternative to the Play Store meant to be usable for everything.. Apps being there is not a recommendation to use them.
To provide some helpful context for other people, you've been repeatedly participating in targeting our team with harassment through spreading Kiwi Farms style content targeting them with spin and fabrications including from a Kiwi Farms user you support who regularly targets people in this way:
@Erklaerbaer Obtainium is a good concept, but it needs a more focused implementation based around shipping signed metadata with the locations for obtaining the apps and key fingerprints to bootstrap verification.
Accrescent will be providing a far larger selection of apps and tags for filtering based on whether they're open source, have reproducible builds, etc. It's in an early phase and is being built out. It needs people to support it, and unfortunately F-Droid folks are trying to harm it.
@dalias @a1ba @NebulaTide They did provide a code transparency system to prove the generated APKs match the provided code but it does not cover all the relevant forms of resources, just all the code, so we don't think it provides what is needed even if it was widely adopted to verify what's generated.
Google essentially moved to the system used by the Apple App Store where developers upload bundles of signed code which are then turned into the actual signed packages by Apple and Google.
@dalias @a1ba @NebulaTide There's a lot of pain releasing apps through the Play Store in general aside from this, but the same applies to most alternatives to it.
The delay for app review is at least generally down to around 1 day right now. There were times in the past where it took a week or more to get an update approved and there's no way to get it accelerated for a critical update.
There are some very painful policies and it can be very painful to get the allowed exceptions approved.
A package index with a script for each registered app that describes how the app should be (un-)installed or updated, where it comes from, what quirks it might have etc.
On MacOS it manages to deliver all sorts of apps from a variety of sources in I suppose a reasonably secure way. What challenges might Android face adopting similar model? Is that something worth putting more effort into?
So we can't trust squat anymore, is that it? Never heard of Obtainium either.
I've been using it exactly because it is more eyes on top of code, minimizing the risk of malware. GitHub repos can be hijacked, so Obtainium is less secure.
Be free to correct me. If you prove to me Obtainium with GitHub is more secure I'll switch to it (already use it for a few apps). F-droid actually pissed me off by having the wrong name for an update for an app and now it crashes because a build was skipped. I also use Droid-ify, not the official app.
Gründe, warum ich WhatsApp verlasse:
1. Fakten sind Fakten, Lügen sind Lügen und Einordnung ist keine Zensur 🇪🇺
2. Schwule/Lesben als "krank" bezeichnen zu dürfen(!) ist inakzeptabel 🏳️🌈
3. Politische Begriffe (z.Bm 'Demokraten', 'Abtreibung') auszublenden ist faschistisch 🤐
tagesschau.de/ausland/amerika/…
#Zuckerberg #Meta #WhatsApp #Signal #Threema
Vor US-Regierungswechsel: Warum Digitalkonzerne vor Trump einknicken
X- und Tesla-Milliardär Elon Musk steht eh fest an der Seite des künftigen US-Präsidenten. Aber mittlerweile folgen auch andere Tech-Bosse Donald Trump und seiner Politik. Warum ist das so?Nils Dampz (tagesschau.de)
Since beginning of full-scale war, 147 artists and 95 journalists killed in Ukraine
As many as 147 artists and 95 media workers have been killed in Ukraine as a result of Russian aggression. — Ukrinform.Ukrinform
Zelensky arrives in Poland on anniversary of Auschwitz liberation
President Volodymyr Zelensky has arrived in Poland to participate in events marking the 80th anniversary of the liberation of one of the largest Nazi death camps, Auschwitz-Birkenau. — Ukrinform.Ukrinform
wheresyoured.at/burst-damage/
Burst Damage
Soundtrack: Masters of Reality - High Noon Amsterdam I have said almost everything in this piece in every one of these articles for months. I am not upset, but just stating an obvious truth.Edward Zitron (Ed Zitron's Where's Your Ed At)
What the Media Missed: Tulsi's troubles, Trump chaos, and the X exodus
dailykos.com/stories/2025/1/27…
#TulsiGabbard #TrumpDidThis #RepublicansDidThis #RepublicansOwnThis #GOPKakistocracy #GOPWeirdos #NoRepublicansEverAgain #USPol
What the Media Missed: Tulsi's troubles, Trump chaos, and the X exodus
So Greenland, Canada, Panama, and Colombia walk into a bar … The few remaining pundits who predicted more stability in Donald Trump’s second term barely made it a week before world events ate ...Daily Kos
ok i loled at "Rhodesian Wankpanzer"
x.com/Oh_Hedda_Hopper/status/1…
#cybertruck #elon #elonmusk #tesla #TSLA #spacex #RhodesianWankpanzer #meme #memes #uspol #eupol
Lord Caramac the Clueless, KSC reshared this.
https://www.techtudo.com.br/noticias/2025/01/venda-de-iris-proibida-no-brasil-e-agora-o-que-voce-precisa-saber-sobre-edsoftwares.ghtml?utm_source=flipboard&utm_medium=activitypub
Venda de íris proibida no Brasil: e agora? O que você precisa saber sobre
Entenda o que muda com bloqueio no pagamento de Worldcoins por cadastro da íris no projeto World ID; Saiba a justificativa da ANPD e posicionamento da Tools for HumanityTechtudo
Tech Cyborg reshared this.
Nothing cria o "celular dos sonhos"; saiba o que ele tem de diferente
https://canaltech.com.br/smartphone/nothing-cria-o-celular-dos-sonhos-saiba-o-que-ele-tem-de-diferente/?utm_source=flipboard&utm_medium=activitypub
Posted into CORPORATE @corporate-canaltech
This Ukrainian drone is safe from electronic warfare thanks to fibre-optic cables
https://flipboard.com/video/euronews/35c3f8923b?utm_source=flipboard&utm_medium=activitypub
Posted into Business Videos @business-videos-euronews
This Ukrainian drone is safe from electronic warfare thanks to fibre-optic cables | Flipboard
Radio signals from standard remote-controlled drones can be interfered with.Flipboard
Russia’s air strike on Kupiansk: Bodies of two women recovered from rubble
The bodies of two women who died as a result of a Russian air strike on a residential building in Kupiansk, Kharkiv region, on January 26 were recovered from under the rubble. — Ukrinform.Ukrinform
A Twitter post from [@]PaulSkallas (LindyMan) that says "Hello cutie new follower. Welcome to the Lindy table". Below the text is a photo of a woman with long brown hair wearing glasses drinking from a Red Bull can through a straw.
Provided by @altbot, generated using Gemini
Roland Häder🇩🇪 likes this.
Do you need some sunshine today?
Here are some Coneflowers in sunny yellow for you!
Find my handmade Coneflower watercolor painting here:
karen-kaspar.pixels.com/featur…
#MastoArt #art #painting #FediArt #FediGiftShop #artist #InteriorDesign #ArtistsOnMastodon #TraditionalArt #kunst #contemporaryArt #watercolor #watercolour #creativeToots #BuyIntoArt #flowers #flower #gardening #garden #floral #nature #NatureLover #yellow #sunny #goodvibes #handmade #aquarell
Galaxy S25 Ultra: você terá que pagar caso queira uma S Pen com Bluetooth
https://www.tecmundo.com.br/produto/401877-galaxy-s25-ultra-voce-tera-que-pagar-caso-queira-uma-s-pen-com-bluetooth.htm?utm_source=flipboard&utm_medium=activitypub
Posted into TecMundo @tecmundo-TecMundo
Galaxy S25 Ultra: você terá que pagar caso queira uma S Pen com Bluetooth
Informações do site oficial da Samsung apontam que o acessório será compatível com o Galaxy S25 Ultra, mas por um valor extraFelipe Vidal (TecMundo)
Kash Patel’s Cringe Documentary Teases What Could Be in Store for the FBI
rollingstone.com/politics/poli…
#KashPatel #GOPSerialKiller #GOPTraitor #FBI #RepublicansDidThis #USPol
Kash Patel's 'Government Gangsters' Documentary Teases FBI Priorities
Kash Patel, Donald Trump's nominee to become FBI Director, lays out how he views the Justice Department in his documentary "Government Gangsters."Nikki McCann Ramirez (Rolling Stone)
#ElonMusk is a #terrorist, and former #Twitter is just one vehicle he uses to terrorize people who criticize or oppose his actions.
bbc.com/news/articles/cx2ymd32…
Australia's online regulator got death threats for case against X
Australia's internet watchdog says she received a torrent of abuse after being personally named by Elon Musk.Hannah Ritchie (BBC News)
BerlinFokus reshared this.
Bill Gates detona Musk por tentar 'desestabilizar política de outros países'
https://www.tecmundo.com.br/mercado/401876-bill-gates-detona-musk-por-tentar-desestabilizar-politica-de-outros-paises.htm?utm_source=flipboard&utm_medium=activitypub
Posted into TecMundo @tecmundo-TecMundo
Bill Gates detona Musk por tentar 'desestabilizar política de outros países'
Bilionário da Tesla tem participado ativamente de campanhas da extrema-direita em países da EuropaNilton Cesar Monastier Kleina (TecMundo)
Mensagens de socorro encontradas no Google Maps chamam atenção nas redes sociais
https://www.tecmundo.com.br/internet/401878-mensagens-de-socorro-encontradas-no-google-maps-chamam-atencao-nas-redes-sociais.htm?utm_source=flipboard&utm_medium=activitypub
Posted into TecMundo @tecmundo-TecMundo
Mensagens de socorro encontradas no Google Maps chamam atenção nas redes sociais
No último final de semana, marcações no solo em um terreiro de obras localizado em Los Angeles, EUA, chamaram atenção das redes sociais.Igor Almenara Carneiro (TecMundo)
Stiamo partendo con il progetto EDUcational e puoi contribuire anche tu indicando le applicazioni che vorresti avere disponibili direttamente con una mail a dev@ufficiozero.org
Indica il nome del pacchetto, la licenza del software stesso ed anche il grado di istruzione per il quale consigli l'utilizzo dell'applicazione proposta.
EDU è rivolto ad ogni grado della scuola italiana.
#UnoLinux #devol #ufficiozero #ufficiozerolinuxos #school #privacy #opensource #freesoftware #scuola
reshared this
Julian Del Vecchio, Tech Cyborg, Linux Italia, Angelo Massaro e maupao reshared this.
La Digitale
La Digitale est un éditeur d'outils numériques libres et responsables pour l'éducation.ladigitale.dev
Tech Cyborg reshared this.
Die @Bundesregierung hat oder will zu rechtsradikalen Schuldkuld-Äußerungen von #Musk auf AfD-Veranstaltungen nix zu sagen. Und ja, sie wollen weiter auf dessen Plattform bleiben.
youtu.be/_NKWrFUqyKo (ab Min 24)
Google rivoluziona la ricerca mobile: addio URL lunghi
#Aggiornamento #Breadcrumb #Dominio #Google #GoogleSearch #Link #MobileSearch #Notizie #Novità #RicercaMobile #SEO #SERP #TechNews #Tecnologia #URL #UserExperience
ceotech.it/google-rivoluziona-…
Google rivoluziona la ricerca mobile: addio URL lunghi
Google semplifica gli URL nei risultati di ricerca mobile: niente più breadcrumb, solo il dominio. Un'esperienza più pulita e diretta sugli smartphone.CeoTech
Stop spending so much money on streaming services | Popular Science
How to save on Netflix, Disney+, Hulu, Prime Video, Max, AppleTV+...you get the idea.Justin Pot (Popular Science)
Altbot
in reply to dj sensitive black girl 🏳️⚧️ • • •A Minecraft screenshot showing a player's hand in the bottom right corner, reaching towards a dark brown tree trunk. A light brown wooden sign is attached to the tree. The background shows a Minecraft landscape with more trees and grass. The player's health bar and inventory are visible at the bottom of the screen.
Provided by @altbot, generated using Gemini