@rysiek Hmm. Mixed feelings about this one... In your opinion, is this an all-bad thing or are there some uptakes to it?
@h3artbl33d look, I recognize that many places in this world have no reasonable banking services available, and that a lot of people have no access to digital payments that would otherwise make their lives better.
If you ever tried sending any money to Africa, or, you know, between EU and US, you know what I mean here.
At the same time, Signal Desktop remains crap ("optimizing database" ⏳, and then words appear seconds after I type them) and Signal mobile tends to fall minutes behind Desktop.
But Moxie has many times expressed not wanting 3rd party clients using their branding OR service. Even if they're unmodified builds made by f-droid...
That's right. Everyone has to move to a new messenger again because changing the client isn't possible.
Signal is effectively a "source available" project that sometimes accepts PRs.
Sure, it's technically open source, but nobody is going to use your fork after Moxie tells you to go host your own Signal Server.
Jami has the opendht and turn server available in the advanced UI. Still hard for a tech newbie, but at least it doesn't require sending someone a sketch unsigned appstore package.
@rune @ted @rysiek @h3artbl33d it really doesn't matter if they discourage it or don't like it. the GPL says developers are free to fork the code. the service TOS says users are authorized to use the service. AFAIK there are no cases where an authorized user of a service is only authorized using certain software - they're authorized for the *service*. google.com can't say you're not allowed to use non-chrome browsers.
He was asked at 36c3 after his talk was over if: with the existence of postmarketOS that boots in a ton of devices, and the Librem 5 and the Pinephone if they would finally consider making a fully featured native mainline linux app.
His reply at the time was that making clients for different platforms is hard, adding a new platform is hard, and maybe these platforms should look for a way to run the android app.
For the record I am not defending his position or his reply, was just repeating what he said.
I think his answer is stupid, and the examples he gave to justify why it is hard, like getting app windows form factor right for different screens, only shows that he does not know the work of GNOME/libhandy and Plasma Mobile in getting apps that work in tablets and mobile devices.
There is a truth in there. For instance, see: https://grapheneos.org/features
I do like the Pinephone (and to a lesser extent Librem) - but while they are private and the hardware toggles are fantastic, they miss security features (full verified boot, a weakened or no selinux, firmware update problems, etc).
The Librem 5 does have a smartcard reader so there is some hope and intention to work on a solution for verified boot using that. As for selinux it can be worked on, but I am not sure how to balance that.
As for Firmware updates, not sure about the pinephone, I am more familiar with the Librem 5. But with the Librem 5 the attitude seems to be some latitude for those updates. For the pinephone modem it seems there are also some avenues for updates.
I'd like to refer you to some Tweets on the :
@maryjane @zeh @rysiek @ted With all due respect - and this is not personal (more of a concern towards Purism): in my opinion, announcing security features a device is supposed to ship with, only to remove it without a trace before public availability is raising red flags at best.
The Librem 5 is geared towards privacy enthusiasts (among others) which makes this more concerning IMHO.
no disrespect taken: I am going to take the cautionary approach and say that I need to look up that statement, because I am unfamiliar with it, before my time I would say, in order to understand what we are talking about.
But as a general note about the Librem 5 OS, in its defense, it is still under heavy development, a lot of features are only landing now.
Also need to consider with SELinux that it's not just a binary thing (has / has not) eg. the policies in android, implemented as part of a comprehensive security model ( https://arxiv.org/abs/1904.05572 ), provide so much more than what is gained by the SELinux implemented in Fedora.
Comprehensive policies are apparently a massive undertaking to implement and maintain. Obvs Google has the resources to do that.
…a full system Mandatory Access Control is #Whonix / #Kicksecure (the hardened Debian on which Whonix is based - basically whonix workstation with all the tor stuff stripped out — https://www.whonix.org/wiki/Kicksecure )
Yes. It certainly isn't a binary thing and it offers fine-grained policies. AOSP and "stock Android" offer one of the most sane policies. GrapheneOS takes it even a bit further.
...and your remark, about Google having enough resources, is kind of my point. With Linux, there are just too many stakeholders that each have their own agenda, work and projects. Getting it broadly adopted [1/2]
@dazinism @maryjane @zeh @rysiek @ted sane default policy is nearly impossible. The BSD derivatives, like OpenBSD, can implement security features much swifter, due to the different development model and project setup.
I did give a talk about this on two occasions. In some aspects, Linux is f*cked by the 'organic' model. [2/2]
They have an API key that they put in their builds and can rotate with updates. You can steal the key from the binary, but your client is going to end up unreliable as you constantly play catchup.
This doesn't matter if it is a single user, but if you're trying to provide it as a feature to many it effectively shuts it down.
Nothing in the GPL limits this.