IzzyOnDroid is an Android store for Free & Open Source Software. The apps are free (as in „free beer“ and as in „free speech“) and Open Source.
Builds for IzzyOnDroid are directly from developers and signed by developers. This enables very fast publishing (whereas F-Droid re-builds apps from source).
Builds for IzzyOnDroid are directly from developers and signed by developers. This enables very fast publishing (whereas F-Droid re-builds apps from source).
So any developer can distribute self signed malicious apps fast.
Without checks. Wonderful Idea.
Fdroid builds from reviewed source code.
I will stick with FDroid and recommend others to do the same.
@Kerplunk we'd suggest you read the security section at apt.izzysoft.de/fdroid/index/i… 😉 TL;DR: multiple scans are performed on apps published via #IzzyOnDroid, to make it as safe & secure as can be. In the 10 years of our existence, there hasn't been a single incident of a malicious app. So please, don't spread uninformed misinformation ("without checks" even). Thanks! @CoMaps
PS: IzzyOnDroid also has #reproducibleBuilds to ensure apps were built from the indicated source. Planned for CoMaps as well
@IzzyOnDroid @Kerplunk I've wondered for a while, better late than never: if I add the #IzzyOnDroid repo to the F-Droid app, how does the app choose which repo to pull updates from for each app? And in particular for CoMaps?
And are there other F-Droid client apps that handle this better that you'd recommend?
@neatnit The official F-Droid client lets you set a "preferred repo". All clients I've tested so far allow you to select the source repo when you scroll to "versions". As for @CoMaps the entries are even distinct, as the app uses a different packageName at F-Droid. Updates are usually taken from the repo you installed an app from. A full description of the process is unfortunately too long for a toot 😉 @Kerplunk
@IzzyOnDroid @Kerplunk Thanks! Perhaps worthy of an article to link to, similar to the security one you linked before. For me this is one of the things I overthink that makes me wary.
For example I have added the repository for Bitwarden, and I'm worried that they can (for example, in theory) add a malicious version of whatever app I'm searching for in the real F-Droid repo with a fake version number that's newer than the real one.
@neatnit now, THAT would require them to also hold the proper signing keys – which is very unlikely unless the original party has leaked them – so only the signer of the original app should be able to do that. F-Droid keeps theirs very safe, on an air-gapped machine. We always recommend the devs proper measures. Also see: f-droid.org/2023/09/03/reprodu… @CoMaps @Kerplunk
Earlier this year, we reported about our progress concerning reproduciblebuilds. Meanwhile,more and more apps are using this; you can find some statisticsher...
@IzzyOnDroid @Kerplunk Yes, true, and I realized this while writing. But if it's a new-to-me app that I'm installing for the first time, this can happen, can't it?
@neatnit Yupp. App signing is kind of TOFU (Trust On First Use). So check carefully before the first install, then the "signing stuff" protects you against malicious actors providing "updates". It's just one piece of protection, though – there's e.g. always the "supply chain" (e.g. a dependency the app uses could "sneak things in"), which is why we established several additional scans, @CoMaps @Kerplunk
(2/2) For example, our "APK library scanner" finding "unexpected (proprietary) libs" is no rarity. For apps in our repo, in 90% this was unintended and got fixed by the corresponding dev quickly. In the other 10% we were either able to convince the dev to use a FOSS alternative (while updates were stalled here), or (in rare cases) had to remove the app entirely.
@Kerplunk @ib I cannot really tell about "malicious" – but "suspicious", yes. Usually before (or rather instead) of inclusion. We then do not include such app unless clarified and found "OK". And yes, we avoid proprietary components like GMS. We make few exceptions where it's unavoidable, but then clearly mark the app with the NonFreeComp anti-feature
And yes, being cautious is essential, so thanks for taking care! We try to assist you there as good as we can, eg. with full transparency
@ib @IzzyOnDroid Have your system ever detected anything malicious before?
I was hit by a malicious verified by playstore app, so yes, the experience was painful.
The most malicious thing on any android device is inclusion of GAPPS, the google tracking and spyware suite.
I have absolutely nothing against izzysoft way but now have a non google phone and after binning a phone that became malicious, extremely cautious with regard to applications and stores.
Srovnáváme naší cyklistickou infrastrukturu se zahraničím! Proč má Praha jen symbolické cyklopruhy, zatímco třeba polský Białystok buduje stovky kilometrů chráněných cyklostezek?
Podívejte se, jak se město s mnohem menším rozpočtem a rozlohou stalo vzorem pro městskou cyklistiku. Zjistíte, proč oddělené cyklostezky nejsou jen o asfaltu, ale o bezpečnosti a plynulosti dopravy pro všechny. Městská cyklistika je budoucnost! Přináší méně zacpané silnice, zdravější obyvatele a čistší vzduch. Inspirujte se s námi a pojďme společně pomoci Praze stát se cyklistickým rájem.
V tomto videu se dozvíte: Problémy a nedostatky pražské cyklistické infrastruktury. Jak funguje moderní cyklistika v Białystoku. Konkrétní čísla a srovnání cyklostezek. Výhody rozvinuté městské cyklistiky pro celé město. Na závěr rychlý pohled do města Lodž.
Pomozte nám zlepšit Prahu! Sdílejte toto video s úředníky, politiky a všemi, kterým záleží na budoucnosti našeho města. Máte fotky nebo videa cyklostezek ze zahraničí, které fungují? Pošlete nám je!
Že je cykloinfrastruktura na západ od nás lepší, na to už jsme si zvykli, ale že nám ukazuje záda i východní Polsko, to je fakt smutné. A to je na tom Praha ještě podstatně lépe než Brno.
vôbec to nevyzerá dobre, dokonca mám aj rozbitú hlavu a vôbec neviem čo sa stalo, vôbec akože vôbec.. posledné si pamätám že som si kúpil kvet, potom ako idem za roh do čajovne a ako odtiaľ už vôbec
Day 2 of the #LibreOffice Conference 2025 begins! Join us in-person in Budapest – or check the conference website for the schedule and chat (where we'll post live stream links, where possible): conference.libreoffice.org/202… #foss #OpenSource
- not sure if you promote this often here. I’ve seen this the first time. Would be great to see this kind of things more often here 😊. Happy to join up next year or at the next conference 😉👍
Krásné #dobréRáno a parádní den vám přeju, přátelé a kamarádi Mastodontíci ❤️💙☕️
Díky zdeňkovi @archos jsem se mohl vrátit. Děkuju vám všem za podporu v době, kdy jsem tu nebyl (@onka6, @KaterinaGloserova , ...) Dost se mi po vás stýskalo, jen jsem si to chtěl všechno v hlavě ujasnit. Chvíli jsem byl na BS, je tam pár fajn lidí, kteří tady nejsou, ale jinak je to tam takový neosobní... No a pak už jsem se neuměl vrátit. Zapomněl jsem vstupní údaje... Odpusťte mi, chyběli jste mi... ❤️💙😉
Jsme moc rádi, že jsi tu! 👋☕♥️ Na vysvětlování si ani nepotrpíme, všichni tu jsou svobodní a dveře nejsou zamčené. Jen míváme obavy, jestli je ten nebo ten v pořádku, když se neodhlásí. 😊
In today's episode of #accessibility shit-fuckery: our new dishwasher. In terms of form factor, Fisher & Paykel DishDrawers really suit us: you effectively get two half dishwashers, so you can easily run a half load, run one while you're still filling the other, etc. We had them at our old house years ago and they were awesome. They were also the most accessible dishwasher I've encountered by design: they had tactile buttons, and even though some of the buttons cycled between options, there were different beeps when you wrapped around to the start of the options, so if you couldn't see the screen, you could choose what you wanted easily once familiar. So when our old dishwasher died last week, it was a clear choice: we'd get DishDrawers. There's always a risk that new models will regress accessibility, and unfortunately, it's pretty difficult to test or find out about stuff like this. But this new model also has WiFi connectivity, so I figured that would work as a fallback at least. It turns out that they're all capacitive touch buttons; i.e. not tactile, no press. Worse, there are no distinct beeps when you wrap around to the first option, etc. So I resigned myself to using the app, which is surprisingly very accessible. But... no go there either. Because of a safety feature you can't disable, you have to enable remote start using the (inaccessible) buttons on the dishwasher. Remote start gets auto disabled when the door is opened, after the next wash completes or after 72 hours, whichever comes first. At best, that makes this thing extremely tedious for me to use. I can stick tactile dots above or below the buttons, but even then, it's easy to accidentally touch a button while you're looking for them and you can easily choose the wrong option due to the lack of useful audible feedback. I already have this problem with our air fryer and it frustrates the hell out of me. But I guess it just is what it is, as is so often the case. The worst part is that they took a reasonably accessible product and made it inaccessible. And for what? Visually pleasing touch buttons that probably don't even function when you have wet hands (because surely people don't have wet hands in a kitchen?). It's Thermomix all over again. And the message these companies send is clear: "we don't care about people with disabilities at all. We don't even give it a thought." I called Fisher & Paykel to see if there's anything they can do and it's been escalated to their tech team, but I'm not holding my breath, especially because the inability to permanently enable remote start is a deliberate safety choice. I'm just so, so tired of struggling with and fighting these battles every. Single. Day. I barely even have the energy to be angry. The temptation to just give up is immense.
This fetish for touch buttons and touchscreens needs to bloody stop. I saw a stand mixer the the other month with a touchscreen on which is what you need on a highly dangerous machine that you could accidentally start by touching it. Absolutely ridiculous.
recently moved my 85 year old father into a new apartment, to be greeted by an induction hob with entirely capacitive touch controls, dark red-on-black digital displays, and only one type of beep sound for all functions. Dad has always been red-green colourblind, his sight is now deteriorating generally, and he has a slight tremor in his hands - none of which are unusual conditions, one would have thought - and there is not a chance he could operate that safely. It was shockingly hard to even find a cooker with manual controls, and the landlord was unhappy to say the least about swapping out the precious "state of the art" machine with a "basic old fashioned" one. It's absolutely maddening.
In today's episode of #accessibility shit-fuckery: our new dishwasher.
A dishwasher that can or needs an internet connection absolute no go.
Crappy sensors which only function sometimes and not with wet hands.
Ask Bosch Siemens.
There is so much untested trash sold as advancement, why because engineers are scared to tell their bosses to F Off because that great new idea is just flashy shit.
Doesn't help obviously, but we had to make a switch this year as well. We opted for a Siemens model. Can do half loaded washing as well, although you can't fill the other half up while its washing, but then again it doesn't have the remote start issues you are describing. You basically turn it on once and it'll stay on forever. Home Connect also is fully accessible. But household appliances are always hit or miss, really.
@ToniBarth Apparently remote start was limited because of concerns that little kids might climb in, the drawer could close and then it could be remote started, with potentially very bad results. I obviously applaud a commitment to safety, but there are other ways to do this, including (but not limited to) a clear safety warning screen where the adult user takes responsibility. Out of interest, does yours have push buttons or do you have to always operate it via the app?
It doesn't have touch, just typical push buttons. No audio feedback though, so its basically remembering which buttons you have to press for what. I usually press on/off and start/stop to start the default program, and whenever I want to run a different washing cycle i'll do that via the app. Also all notifications come in via the app as well.
@ToniBarth I'm in the middle with my washer/dryer, the remote app connectivity works pretty well but you do have to set the machine to " remote" program first, which is a knob, and then press the " Remote" button which is capacitive, as is that entire machine's control panel apart from the knob. The one good thing is that you get an error chirp if you try to turn on remote without the remote program being selected, so you essentially twist, press, twist, press until the remote comes on, at which point you have to use the app. Welcome to the future!
@zersiax Wait, so what else does the knob do? Can you trigger non-remote things from the panel at all even with sight? And if so, how if the only other button is the remote button? @ToniBarth
@ToniBarth there's more capacitive buttons all over the panel, and the knob cycles between programs, one of which is the remote "program" which makes the remote button active
@zersiax @ToniBarth Ah. So is there still a risk of you accidentally hitting other buttons and starting something you didn't intend to start? I guess that's mitigated by the bottom right location of the remote button somewhat.
@ToniBarth yeah if you angle your hand just right its relatively foolproof, but the play/pause is close to that remote button so if you accidentally brush your hand against it you may very well start something
I absolutely hate that. Our new washer and dryer do the same thing. I had to get someone to put a label on the remote start buttons, and I'm working on memorizing where they are when I have my hand in a certain position on the edge so I can avoid pressing other buttons. To LG's credit, the app tells me what changes right away, with VO saying "deep cycle selected" or whatever an accidental button press does as I'm going for remote start. That doesn't excuse anything, though.
Yup, same Dishwasher controls back here too. All I can do is turn it on and start the auto cycle. Needed to put a dot above where you would press. Yes, very frustrating.
@mcourcel Do you ever find you miss the dot when looking for it and end up flubbing other buttons because your hand was too far down? I do that with our air fryer sometimes and it drives me wild.
Fortunately the dishwasher has buttons in a long row, so it's easier. Yeah, our air fryer actually has a flat screen with buttons that click and beep when you press them. So that's helpful anyway. I do miss being able to use the Instapot on my own though.
@jpellis2008 I guess it's only intended to be used for delayed/scheduled remote start, even though you *can* start it immediately. And I agree it's ridiculous.
Krásné dobré ráno mastodonťata! 🙋♀️🐶🐈 Nebudu lhát.Za těch pár dní částečné výměny kancelářské židle za pracovní rukavice jsem poněkud rozlámaná.Ta moje kondice nebude tak ucházející, jak jsem si myslela. 😂 Ještěže jsou takové vynálezy, jako je horká sprcha.To co je bolavé prohřeje, to co je ubrblané, odplaví.Vzhůru do nového dne!Po práci mám brigádu u mamky, ale večer! Babinec!Domů vlastně až zítra. 😁😁 Vy to moc nepřehánějte, máme pátek, tak ať vám zbydou síly na víkend. 😊 #dobre_rano #dobréRáno
Back in April, I preached a sermon titled "God is our source of worth and approval." I was preaching for myself because I need to hear that message, but a lot of other people said that it helped them as well. Sharing here in case it might help you, too.
Here's the intro: We all need to feel worthy, accepted, and that we’re doing a good job. There can be two errors that can cause us a lot of anxiety and to make bad decisions.
One error is looking for these affirmations of worth, acceptance, and approval from other people. That will cause us to always seek to try to please people. Our actions will be controlled by them.
The other error is to stop caring about what other people think and just do whatever we want. This could be good, but we all have sinful natures and can deceive ourselves. Besides that, pride is a very dangerous thing. The original sin of the devil was pride, thinking that he knew better than God. Adam and Eve fell because the devil promised them that when they ate of the fruit of the Tree of Knowledge of Good and Evil, then they would become like God. For the first time in their lives, they choose something contrary to the will of God—because of pride.
So, what is the right way to fulfill our needs for feeling worthy, accepted, and approved?
Just like we trust God for our basic needs like food and clothing, we can look to him for our need for love, belonging, and esteem. The more that you understand this, the freer you will be in your life. You will be able to make good decisions and relate to people in a proper and healthy way.
God is our source of worth and approval Sunday, April 6, 2025 We all need to feel worthy, accepted, and that we’re doing a good job. There can be two errors that can cause us a lot of anxiety and to make bad decisions.
EVT-stage prototype multi-disk iPod; it featured multiple dual-platter 1.8" hard drives in a RAID-0 configuration with a total storage capacity of 240GB.
Holy crap, Emily Blunt's sword from Edge of Tomorrow was auctioned off today from a prop house. That'd be one of the few bits of movie memorabilia I'd want to display in my house (but probably not worth the 10-15k it was supposed to go for) propstoreauction.com/lot-detai…
my boss used to have Thor's hammer. He does have the entire Batman suit from one of the movies, can't recall which one. And the Bane suit. So probably that movie.
I believe they called him up and bought back the Thor hammer because they wanted it back for a movie
We built local backdoors for Signal, 1Password & Slack through V8 heap snapshot tampering (CVE-2025-55305).
Method: Replace v8_context_snapshot.bin files with versions that override JavaScript builtins. When apps call Array.isArray(), malicious code executes. Works because integrity checks ignore these "non-executable" files that actually contain executable JavaScript.
A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.
How is it even legal to have such barbaric employment policies like this. Surely air crew should be on the clock from the moment they start security clearance, until they exit the secure area at the end of their shift. Anything else is exploitation.
US flight attendants push to be paid after the Air #Canada union finally get a contract that pays for all work including when planes aren’t in the air: ‘Most of our passengers have no idea’
I can't say enough good things about Paperback, the ebook and PDF reader written by @TheQuinbox. It's truly amazing to have a text-based PDF simply open and be readable. No screen reader optimization, no Adobe alerts, no useless controls or lack of pages in a browser. Just the text, ready in a couple seconds. It even saves your reading position. github.com/trypsynth/paperback
@menelion Hmm, I wonder if there's a way around that? Does your display show text when you navigate by heading/section, at least? If not, I can certainly at least make that happen, the screen reader feedback also output braille.
@menelion I don't currently, sorry. I'm surprised WX has that kind of problem. I thought it used standard controls, especially the C++ library. I've only ever played with WXPython.
I just started using Paperback as well, and it's very good indeed. I noticed that a PDF file I tried reading wasn't synchronizing properly. NVDA would speak one line, but my Braille display appeared to show the next line. Other than that, everything is fine.
@kjsapergia Hmm, strange. You're not the first person to report issues with Paperback and braille displays, but I'm a speech reader and the primary braille display I have is only 14 cells, so testing fixes will be slightly difficult. Certainly it's something I want to improve though
Vielen Dank für's Teilen der Slides über eine faire Cloud. Als Chat-Alternativen könnte man vielleicht aus verschiedenen Gründen stärkeren Fokus auf #Matrix legen als auf Signal.
"For decades, the phrase “Year of the Linux Desktop” has been tossed around like a tech industry punchline. But now, it’s no longer a meme—it’s a movement.
This isn’t just about numbers—it’s about momentum. GNU/Linux’s desktop share hovered below 2% for years. But since 2020, it’s been climbing fast.
From the lens of @purism this shift is more than market share—it’s a cultural awakening."
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
Nejvyšší soud má být garantem jednotného výkladu práva. V řadě oblastí však tuto funkci nezajišťuje, což vede k právní nejistotě. Z pohledu advokáta, který denně sleduje dopady soudních rozhodnutí na klienty, jde o problém, který nelze přehlížet.
Purism recently announced the Librem PQC Encryptor, encrypting data-in-transit (DIT) with post-quantum cryptography (PQC) according to the NIST FIPS 203 standard. puri.sm/posts/introducing-the-…
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
Je to deset let, co jsem začal používat Telegram. Za tu dobu jsem přesvědčil hodně lidí, aby ho začali používat, obhajoval jsem ho, ale v poslední době mám čím dál větší pocit, že jsem se v něm mýlil. V tomto blogpostu se pokusím vysvětlit proč.
Mně se Signal líbí, ale vadí mi na něm, že nemá webové rozhraní a zároveň má uzavřený přístup ke klientům. Dá se tedy používat jen na telefonu nebo s velmi tlustou electronovou aplikací na vybraných desktopech. To je pro mě velmi nepříjemná překážka.
Myslím, že klienty třetích stran pořád oficiálně nepodporují, ale už je minimálně tolerují, protože se jich objevilo celkem dost. Vzniká i jeden v GTK pro Linux: flathub.org/apps/de.schmidhube… Pro Android je třeba Molly, které používám já.
Nicméně s těmi klienty třetích stran je to komplikované. U takto komplexních služeb nestíhají držet krok. I u Telegramu prakticky všechny umřely a existuje jen pár forků oficiálních aplikací, které přidávají drobné funkce.
Že to nechtějí otevřít oficiálně, taky trochu chápu. Nedávno byl odhalený klient Signalu třetí strany, který měl zadní vrátka. Pak to není problém jen uživatelů takového klienta, ale i všech jejich kontaktů a dost to nabourává důvěru ve službu. Proto se nedivím, že to chtějí mít pod kontrolou včetně klientů.
Jo, taky bych velmi uvítal zpřístupnění zdokumentovaného protokolu, aby mohlo vzniknout víc klientů - mobilních, webových i CLI - a dal se Signal integrovat do již existujících aplikací. Webové rozhraní jako součást služby by bylo hezké, ale při splnění té první podmínky ani není nutné.
No, jo. Cítím to podobně. Ale ta situace u IM je obecně strašně nešťastná. Neustále mě někdo tlačí do WhatsAppu (měl jsem ho relativně krátce kvůli pár lidem před lety a pak zrušil), teď je to opravdu silné. Historicky mám Messenger, také mě to nenaplňuje štěstím. Kéž by RCS začalo hrát nějakou podstatnější roli, ale RCS aktuálně znamená více méně Google Messages. Signal? Možná, třeba zkusím. Mimochodem existuje nějaká evropská alternativa? Jsem z celého stavu IM hodně rozpačitý.
O čem aktuálně přemýšlím, je, jak do budoucna zajistit bezpečnou komunikaci pro rodinu a děti. (Tedy, nespěchá to.) Přemýšlím o nějaké vlastní Matrix instanci (s vypnutou federalizací), nebo Nextcloud talku. Ale to už asi odbočuji od tématu tvého článku.
Nextcloud Talk je fajn. A funguje spolehlivě a dobře bez nějakého nastavování. Nicméně je to řešení jen uvnitř jedné rodiny. Pokud ale časem projde něco jako chat control, tak nám možná nic jiného než něco, co zůstane na našich vlastních serverech, nezbude.
Aha, tak to je dobrá zpráva (ad Nextcloud Talk), rodina je přesně můj use case. Chat control, to pak aby člověk vůbec zvažoval, jestli podobný typ služeb používat... (Říkám si, nakolik v Dánsku nechápou všechny možné implikace, nebo si spíš ani nedovedou ve vlastním civilizačním kontextu představit, že by toho někdo mohl zneužívat, tipuji druhou možnost.) A ano, provoz na vlastním serveru by byla asi jediná volba.
Hmm, ja tohle moc nechapu. Co je spatne na Matrix? Jestli se nepletu, tak: i) nekolik otevrenych implementaci serveru, ii) nekolik otevrenych implementaci klientu pro ruzna zarizeni (nb, mobil, web), iii) otevrena specifikace protokolu, iv) protokol je federovany. Jakykoli IM bez tohohle jednoduse nedosahuje kvalit #matrix (v dlouhodobem horizontu, a samozrejme IMO).
jednoduchá odpověď: UX. Já proti Matrixu nic nemám, sám ho používám, ale prostě to není tak vyladěné a jednoduché, abych to mohl dát běžnému uživateli a ten si s tím sám poradil. Tohle člověku z pohledu geeka nedojde, dokud to skutečně nezkusí. Už jen odemykání šifrovaných zpráv na nově připojeném klientu je opruz, který by třeba moje máti nedala; přitom Signal zvládá bez problémů, protože ten není složitější než WhatsApp nebo Telegram. Matrix bohužel je.
Ja nejsem UX odbornik, ale aplikace pro Matrix jsou aplikace pro posilani zprav a videohovory, ne? Kolikrat nongeek pouzije odemykani sifrovani zprav na nove pripojenem klientu?
Osobne si myslim, ze ochrana soukromi a zaruky dlouhodobe udrzitelnosti (licence, implementace) jsou dulezitejsi...
řekl bych, že i běžní uživatele to použijí často. I pro ně je totiž běžné mít takovou službu hned na několika zařízeních: mobil, tablet, domácí počítač, pracovní notebook...
Jinak co přesně je na Signalu špatně z pohledu licence?
Já mám tedy klient pro Signal nainstalovaný z F-Droidu: @mollyim 😉 Jinak tu federaci beru, to je výhoda. Nicméně když se člověk podívá trochu detailněji na architekturu té služby, tak zjistí, že co se týče bezpečnosti a soukromí, je na tom Signal citelně lépe než Matrix. Kolik to generuje nešifrovaných metadat, jak to pracuje se seznamy kontaktů atd. Nicméně nemám potřebu nikoho přesvědčovat o Signalu na úkor Matrixu. Obě služby jsou OK a pokud někomu víc vyhovuje Matrix, za mě vše v pořádku.
Přiznám se, že jsem vyměkl a používám verzi, která posílá notifikace přes servery Googlu. Molly totiž neumí Unified Push, takže jediný způsob, jak dostávat notifikace v reálném čase, je, že ta aplikace běží neustále na pozadí.
Getting Molly into the official F-Droid repo has been a long journey. Check out this thread if you’re curious: gitlab.com/fdroid/rfp/-/issues…
It was officially requested back in late 2022. We're doing our best to make it happen someday. The latest blocker: the RingRTC library, reproducible and on Maven Central, is almost done.
Tak jsem prošel pár komentářů issue na GitLab F-Droidu co sdílí @mollyim a Signal mě moc nepřesvědčil.
Serverová část je pod AGPL, ale ne celá. Oficiální klient se o F-Droid nejspíš ani nesnaží a neoficiální s tím má problémy. (Ano, používám F-Droid jako míru pro otevřenost Android aplikací.)
Nejsem si jistý, jak je to s otevřeností samotného protokolu.
Signal určitě pořád lepší než Telegram nebo WhatsApp, ale ne tak dobrý jako Matrix.
Lidi, proti kterym je chat control namiren, samozrejme taky prejdou na vlastni servery. Takze dalsi krok bude, ze do telefonu nedostanete aplikaci ktera nebude chat control podporovat. To je presne to co ted google chysta a snazi se prejmenovat instalaci aplikaci na "side loading", aby to lide snaze prijali jako neco spatneho.
Pak lidi začnou používat webové klienty, načež bude snaha dostat to skenování obsahu i do webových prohlížečů, které se bez toho nedostanou do oficiálních obchodů... Je potřeba být ve střehu, ale nejsem z toho až tak nervózní. Ten odpor je proti tomu tak velký, že si nemyslím, že tohle všechno budou schopní zavést.
To hlasování jen utváří názor Rady EU. Pak se to musí schválit v parlamentu EU, kde to v současné podobě nemá šanci. A i kdyby to prošlo, muselo by to obstát před evropským soudem. To by bylo jen jedno kolo toho utužování. Není to radno podceňovat, ale taky nepanikařím. Email od Gregorové, kde ten legislativní proces podobně popisovala, mě trochu uklidnil.
na přečtení článku se teprve chystám, ale taky jsem původně celou rodinu natáhl na Telegram, jim to bylo jedno a já už ho používal kvůli robotům napojeným na chytrou domácnost. Náznaků, že Telegram není úplně dobrá volba bylo poslední dobou dost, ale na Signal jsem první půlku rodiny přetáhl teprve na jaře. Hodně velký zádrhel bylo, že moje mamka nemůže mít fotky vnoučat jak v telefonu, tak v tabletu. Skoro to vypadalo, že budu muset najít jiný IM, ale pak se a tím smířila
My jsme to s manželkou roky používali na každodenní výměnu fotek, ono to moc pěkně funguje i jako galerie; dnes jich tam máme několik tisíc. Časovaná bomba 🙈
Nicméně pokud má babička alespoň na jednom z těch dvou zařízení Android, má to řešení. Aplikace @mollyim (fork Signalu s různými bezpečnostními zlepšeními) se dokáže připojit jako další zařízení. Na jednom mobilním zařízení může být Signal v podobě hlavního klienta a na druhém Molly v podobě připojeného.
Já nedávno asi po 15 letech začal znovu používat XMPP. A světe div se, ono to už umí E2E šifrování a neztrácejí se zprávy poslané z mobilu se špatnou konektivitou. K tomu navíc je to federované, dá se to self-hostovat, atd. Možná je na čase dát XMPP druhou šanci.
Jo, slyšel jsem na to v poslední době reference. Nakonec to bude ještě pěkně fungovat včetně všech očekávaných funkcí, jen teda o 15 let později, než jsme potřebovali. Ale třeba ještě zažije comeback. Nextcloud Talk se taky rozhodli postavit na XMPP.
Jasně. S nejbližší rodinou jedem po XMPP a je to nádherně jednoduché na hostování. Umí to vše co potřebujem. Poslíláme jen textovky a obrázky, maxilmálně nějaký file. V single a multi chatu. Stačí. Umí to i volat ale to streamy jsou trochu chatrné. Mohu doporučit.
Telegram jsem nikdy nemusel, ale bohužel česká #Meshtastic komunita se drží jen na něm, takže jsem si účet nakonec založil také. Nějakou "killer social feature" má holt každá appka. Messenger mám proto, že přes něj komunikují členové obecní komise, na WhatsApp posílala fotky škola/školka a různé kroužky, Telegram viz nahoře. Nemám takovou moc, abych sepsul ve skupině 20 cizích lidí, ať se vykašlou na Telegram/FB/WhatsApp a nainstalují Element. 😄
Já myslím, že na tyhle věci to je úplně v pohodě. V takových skupinách nečekám žádné soukromí stejně, jako ho nečekám tady na Fediverse. Telegram podle všeho uživatele nesleduje, neprodává jejich data inzerentům. Jen prostě ta architektura a transparentnost služby nejsou dost dobré na to, abych tomu věřil se soukromými zprávami. Když to nezneužije Telegram, může kdokoliv jiný.
Today we announced our progressive vision for Public Security in Montreal.
🔸Massive Investment in prevention; 🔸Creation of a civil service for social crises; 🔸An end to budgetary waste; 🔸Abolition of arbitrary police street checks.
we see you also don't want support from disabled people. People that are visually impaired can't read this since you posted an image full of text with no ALT that would spell the text out.
What a shock. Carney ran on "no cuts" and lied. Again.
--
Finance Minister François-Philippe Champagne is forecasting “tough choices” in this fall’s federal budget, as the government reviews billions of dollars in proposed spending reductions that he suggested would lead to job losses in the civil service.
Uma ovelha muito especial originaria da Namíbia (dai o nome, já que o país já foi conhecido como Damaraland). A principal característica da raça é um depósito de gordura na cauda que serve de reserva energética para períodos de escassez, o que deu a ela o carinhoso apelido de Rabo Largo aqui no Brasil.
O carneiro metaleiro 🤘 É uma raça rara, originária da Ilha de Man, o que fez que ela ficasse (praticamente) inalterada desde a sua origem. Seu nome significa algo como "velo marrom" e sua característica mais marcante são seus chifres múltiplos, podendo ter de 2 a 5 (mais comumente 2 ou 4).
Uma raça britânica bem tradicional, que tem por características mais marcantes as orelhinhas eretas e um perfil facial bem côncavo (pra mim ela lembra um coelho kkkkk), bem como a ausência de chifres e uma cabeça deslanada. Essa raça é a que aparece no filme sendo pastoreada pelo Babe, o porquinho atrapalhado!
A ovelha de chapinha Nativa da península arábica, mais especificamente da região de Najd, de onde herdou seu nome. As suas principais características são uma pelagem lisa, um rosto bastante convexo e o grande porte, com uma média de altura de 86 centímetros, é considerada na Árabia Saudita como a 'miss' das ovelhas (eu particularmente acho meio exótica essa beleza dela).
A ovelha caramelo (tem a variedade branca também), tem como seu (possível) centro de origem, o município de Morada Nova no Ceará (Ahá!), alguns autores dizem que descendem de carneiros portugueses, outros que seus ascendentes são africanos, mas provavelmente é uma mistura de raças das duas origens e ninguém tem certeza de nadaaa kkkkkkk Pra mim é a raça mais brasileira que tem.
A ovelha potiguar! A raça foi registrada esse ano e, tecnicamente, é uma ovelha 100% BR, cruzamento das raças Somalis Brasileiro, Morada Nova e Bergamácia Brasileira. Suas principais características são a pelagem branca no corpo e preta na cabeça, com uma marca branca que lembra uma seta apontando para baixo na testa (sim, tal qual o avatar Aang).
A ovelhinha de pelúcia é original da região (a essa altura você já imagina, né) de Valais, na Suíça, havendo registros dela desde o século XV. Sua principal característica é ser extremamente fofinha, além de ter o focinho recoberto de pelos pretos (na verdade, é o rosto) em contraste com uma lã branca em quase todo resto do corpo e por fim chifres espiralados!
Since I was a kid, I've always wondered how people could have let the Nazis do it... now I know : « #Google’s $45 million contract to spread #Netanyahu's #propaganda »
Google is in the middle of a six-month, $45 million propaganda contract with Netanyahu’s office and was described as a “key entity” supporting Israel's messaging.
Kerplunk
in reply to CoMaps - Hike, Bike, Drive • • •Builds for IzzyOnDroid are directly from developers and signed by developers. This enables very fast publishing (whereas F-Droid re-builds apps from source).
So any developer can distribute self signed malicious apps fast.
Without checks. Wonderful Idea.
Fdroid builds from reviewed source code.
I will stick with FDroid and recommend others to do the same.
IzzyOnDroid ✅
in reply to Kerplunk • • •@Kerplunk we'd suggest you read the security section at apt.izzysoft.de/fdroid/index/i… 😉 TL;DR: multiple scans are performed on apps published via #IzzyOnDroid, to make it as safe & secure as can be. In the 10 years of our existence, there hasn't been a single incident of a malicious app. So please, don't spread uninformed misinformation ("without checks" even). Thanks! @CoMaps
PS: IzzyOnDroid also has #reproducibleBuilds to ensure apps were built from the indicated source. Planned for CoMaps as well
Information on IzzyOnDroid's F-Droid compatible repo
IzzyOnDroid App RepoNeatNit
in reply to IzzyOnDroid ✅ • • •@IzzyOnDroid @Kerplunk I've wondered for a while, better late than never: if I add the #IzzyOnDroid repo to the F-Droid app, how does the app choose which repo to pull updates from for each app? And in particular for CoMaps?
And are there other F-Droid client apps that handle this better that you'd recommend?
Thanks
IzzyOnDroid ✅
in reply to NeatNit • • •NeatNit
in reply to IzzyOnDroid ✅ • • •@IzzyOnDroid @Kerplunk Thanks! Perhaps worthy of an article to link to, similar to the security one you linked before. For me this is one of the things I overthink that makes me wary.
For example I have added the repository for Bitwarden, and I'm worried that they can (for example, in theory) add a malicious version of whatever app I'm searching for in the real F-Droid repo with a fake version number that's newer than the real one.
IzzyOnDroid ✅
in reply to NeatNit • • •Reproducible builds, signing keys, and binary repos | F-Droid - Free and Open Source Android App Repository
f-droid.orgNeatNit
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to NeatNit • • •@neatnit Yupp. App signing is kind of TOFU (Trust On First Use). So check carefully before the first install, then the "signing stuff" protects you against malicious actors providing "updates". It's just one piece of protection, though – there's e.g. always the "supply chain" (e.g. a dependency the app uses could "sneak things in"), which is why we established several additional scans, @CoMaps @Kerplunk
(1/2)
IzzyOnDroid ✅
in reply to IzzyOnDroid ✅ • • •(2/2) For example, our "APK library scanner" finding "unexpected (proprietary) libs" is no rarity. For apps in our repo, in 90% this was unintended and got fixed by the corresponding dev quickly. In the other 10% we were either able to convince the dev to use a FOSS alternative (while updates were stalled here), or (in rare cases) had to remove the app entirely.
@neatnit @Kerplunk
IzzyOnDroid ✅
Unknown parent • • •@Kerplunk @ib I cannot really tell about "malicious" – but "suspicious", yes. Usually before (or rather instead) of inclusion. We then do not include such app unless clarified and found "OK". And yes, we avoid proprietary components like GMS. We make few exceptions where it's unavoidable, but then clearly mark the app with the NonFreeComp anti-feature
And yes, being cautious is essential, so thanks for taking care! We try to assist you there as good as we can, eg. with full transparency
Kerplunk
Unknown parent • • •@ib @IzzyOnDroid
Have your system ever detected anything malicious before?
I was hit by a malicious verified by playstore app, so yes, the experience was painful.
The most malicious thing on any android device is inclusion of GAPPS, the google tracking and spyware suite.
I have absolutely nothing against izzysoft way but now have a non google phone and after binning a phone that became malicious, extremely cautious with regard to applications and stores.