sonalder

joined 4 years ago
sorted by: new top controversial old
The security situation with the Arch Linux AUR got a lot worse in c/linux@lemmy.ml
[–] sonalder@lemmy.ml 1 points 22 hours ago (1 children)

Interesting, unfortunately I still rely on proprietary binaries but I could try it on a secondary device. Reproducibility is one of the reason I chose to learn NixOS.

The security situation with the Arch Linux AUR got a lot worse in c/linux@lemmy.ml
[–] sonalder@lemmy.ml 2 points 1 day ago (2 children)

I never said that GitHub was better. I just don't feel like using a package maintained by a stranger with no tied to neither the software I want to install nor the distribution packages repository.

Of course installing random code from stranger is never great advice regardless of the distribution source. But AUR is simply not for me, and many users don't understand the risk or let's say responsabilities it involves while installing packages from that source.

The security situation with the Arch Linux AUR got a lot worse in c/linux@lemmy.ml
[–] sonalder@lemmy.ml 3 points 1 day ago (5 children)

Is Guix the GNU approach to NixOS?

ProtonDB alternatives in c/opensource@lemmy.ml
[–] sonalder@lemmy.ml 1 points 1 day ago* (last edited 1 day ago)

isn't enough to call it open source

I never said that ProtonDB was open source.

you would still have a diverging dataset if you allow people to insert new records in the new app

An Open source WebApp would not prevent this from happenning either. A community-led fork is nothing if "new entries" are all going through the main open source tool extending the "old" database.

It would only benefits from having the same code base. Same problem, doesn't solve it.

The ProtonDB owners could just decide to not export that data any longer whenever they want.

I haven't read the whole license myself so I don't know all the legal aspect if they were going to do this.

But if they chose to close the database future entries, I'm pretty confident that the Linux Gaming community will organize themselves to quickly get another app, forking the open database previous from the closing decision. Allowing them to quickly move to a new common place. ProtonDB will probably lost reputation and usage as time goes but this is not a prediction scenario.

You also can't change the data being Steam specific when the app is closed source and not accepting contributions

That's another (valid) point. But nothing prevent you to build a webapp that periodacly imports from ProtonDB database to show Steam games data while also lists other titles that are not available through Steam creating a new database with your users entries for other platforms.

Open Source is a way to organize people around a project. ProtonDB author doesn't seems to want their code to be publicly available for consulting nor for improving or modifying by external people. And that's their rights to do so. For now, it seems that their projects is benefiting the Linux gaming community and the open license of the database is appreciated. If the project goes in an unexpected direction, people can fork the database which is the most valuable data, more than the code of the webapp.

ProtonDB alternatives in c/opensource@lemmy.ml
[–] sonalder@lemmy.ml 5 points 1 day ago (3 children)

I think OP means that the community feeds a database using a platform they have no real control over, as the source code of the website/WebApp is not public.

However it is good to remind people that ProtonDB database is published under the Open Database License ODbL at this GitHub repo. To me having the db under an open license is more important than a WebApp (especially now that anyone can build such a website in a probably insecure way, using a 20$ monthly LLM subscription).

I haven't digged into the db myself, maybe it does not come with the comments and so and only the borked, silver, gold, platinum labels.

So yes the website doesn't seems to be open source but the database is. So anyone could rebuild an alternative from its database (which is probably the most precious part of ProtonDB). If nobody already did it yet, it's probably because no one felt the need for, as ProtonDB already offer a valid, great and free user experience with currently no reasons to distrust the project.

Epic Games is hiring a Senior Game Security Engineer for their Anti-Cheat team to champion Linux anti-cheat capabilities while working on OS internals, reverse engineering, and protecting multiplayer in c/linux_gaming@lemmy.world
[–] sonalder@lemmy.ml 61 points 1 day ago (27 children)

I am not excited to have Linux-kernel anti cheat spyware on my machine, but I guess it's good to free gamers from Microslop monopoly.

The security situation with the Arch Linux AUR got a lot worse in c/linux@lemmy.ml
[–] sonalder@lemmy.ml 4 points 1 day ago

AUR is community-maintained packages intentionally designed to shift security responsibility to users. Without pre-installation vetting, meaning anyone can submit anything on there, making it perfect for malware distribution.

Of course all code is visible for inspection, community voting exists, and malicious packages can be reported and removed which limit malicious action.

But now we have LLM that can generate (and distribute) malware and do pretty good code obfuscation so I am not convinced by this model. Honestly I never felt comfortable using AUR (so I avoid it) because I'm not technical enough to review all the code my machine runs.

The security situation with the Arch Linux AUR got a lot worse in c/linux@lemmy.ml
[–] sonalder@lemmy.ml 11 points 1 day ago* (last edited 1 day ago) (14 children)

AUR has never been a good idea. I don't use it and this news proved me right.

Does that mean a distro official package manager would be immune to infections? Of course not, but they do offer a more secure distribution system and build greater trust. Minimizing the chance of malware being spread through their means.

Edit: If you have the knowledge and time to inspect the AUR packages you install, AUR might be good for you. I have none of these, that's why I stick to my official distro packages (and sometimes also some flatpak but from official sources)

Is there room for Windows selfhosters? in c/selfhosted@lemmy.world
[–] sonalder@lemmy.ml 3 points 1 day ago

One step at a time, you will eventually move to GNU/Linux in the future if this new hobby persist. But there is nothing wrong with beginning using software and tools you are already familiar with. However you will probably have to use WSL (Linux inside Windows basically) to make things work and all guides you will find will mostly be based on Docker and/or Linux. So you will definitely use Linux on your Microslop owned machine.

If you don't have the time to learn a new OS it's fine, but it will not necessarly make things easier, especially on the long run. That's my take on it.

My very first self-hosting homelab was a Linux Mint old refurbished desktop PC that I was remotely accessing through AnyDesk (I was a Windows kid user at that time). Now I'm on NixOS through SSH and still learning, I do not completely comfortable but I am able to use it and learn while doing so.

I would highly encourage you to try to run a lightweight beginer friendly Linux distro such as debian, Linux Mint XFCE or Kubuntu if you feel like you need a desktop environement and graphic user interfaces but if you really want to use that Microslop license you bought it's fine, you will probably switch in the following months or years. Okay maybe not, some people are fine using it.

You can also take a look at stuff like runtipi, yunohost, CasaOS, ZimaOS, Umbrel, Cloudron and stuff like that. They aim to be beginner friendly self-hosting "OS" or "WebUI".

Proton mail sponsors far right French YouTuber, censors criticism on their subreddit in c/privacy@lemmy.ml
[–] sonalder@lemmy.ml 3 points 1 week ago

From what I understood: ONLYOFFICE is a fork of Libre Office by a russian company. NextCloud was using ONLYOFFICE for its built-in cloud office suite replacement. Then they forked it with others to have greater control on the software with no communication whatsever to the company developing ONLYOFFICE without respecting their questionnable trademark restriction within ONLYOFFICE licence which I am still unsure if it was compatible with GPL licence Libre Office is using.

Email ownership, I give up. in c/selfhosted@lemmy.world
[–] sonalder@lemmy.ml 6 points 1 week ago

Yep honestly paying for posteo (fully foss back-end) is worth it. Self-hosting email is on the hardest side, not impossible but require more time and knowledge than many other services.

Email ownership, I give up. in c/selfhosted@lemmy.world
[–] sonalder@lemmy.ml 31 points 1 week ago (1 children)

Yes selfhosting it is awesome but it's definitely not the simplest service to do host.

28
Anyone else came across the MAM spec? (Micro Apps over Meshtastic) (gitlab.com)
 

So I was digging around AlternativeTo.net and Meshtastic-related Android apps called Bitmesh came across. And buried in the doc in the GitLab repo is a protocol spec the author seems to have wroten called MAM: Micro Apps over Meshtastic. It's not really talked about anywhere I could find, which seems like a shame as I think it deserves way more attention than it's getting.

The core idea is simple but kind of elegant: right now if you want to build a third-party app on top of Meshtastic, you're basically stuck fighting over the radio with everyone else, with no clean way to share the channel between multiple independent apps. MAM is a small framing layer that sits on top of Meshtastic's PRIVATE_APP portnum and lets completely different apps coexist on the same channel without stepping on each other.

Concretely, here's what it does:

  • A 4-byte header + MessagePack payload per packet
  • App multiplexing via a 16-bit message ID (so multiple apps share one channel cleanly)
  • Reassembly for messages that span multiple packets (up to 16 chunks × 236 bytes = ~3.7 KB)
  • A defined handshake with the local node over BLE (ToRadio / FromRadio)
  • Honest, explicit security posture: the PSK is public, it's a namespace token, not actual security, that's each app's problem to solve

What struck me reading it is how general-purpose it feels. The spec is very deliberate about what it does and doesn't cover things like reliability, encryption, and app-level schemas are explicitly left to each app to figure out. It's just the transport plumbing, nothing more. There's even a registered vs experimental app ID split built in, which reads like the author was thinking about other people building on top of it, not just their own use case.

I'll be honest, some of the finer technical details go a bit over my head. But the overall design feels solid and the spec is short enough to read in one sitting. I'd be curious what people who've actually built things on Meshtastic think. Does this solve a real problem? Is there something else already doing this that I missed? Does the spec have obvious holes? Is anyone aware of other apps implementing it?

5
Lemmy devs are looking for funds to support development and accept XMR ! (join-lemmy.org)
 

Lemmy devs asking for money and added a crypto option on https://join-lemmy.org/donate with BTC, ETH and XMR !

Nice.

7
Surveillance des télécommunications et entreprises obligées de collaborer : ouverture d’une consultation (www.admin.ch)
 

La surveillance des télécommunications ne peut fonctionner sans la collaboration des entreprises de la branche. La loi sur la surveillance de la correspondance par poste et télécommunication (LSCPT) prévoit différentes obligations selon le type de services que les entreprises proposent et elle classe les personnes obligées de collaborer dans différentes catégories. La compétence d'imposer des obligations supplémentaires ou d'accorder des dispenses pour certaines d'entre elles revient au Conseil fédéral, qui fixe les critères à ces fins.

L'ordonnance sur la surveillance de la correspondance par poste et télécommunication (OSCPT) classe les fournisseurs de services de télécommunication (FST) dans deux sous-catégories : les FST ayant des obligations complètes et les FST ayant des obligations restreintes. Les fournisseurs de services de communication dérivés (FSCD), quant à eux, sont désormais rangés dans trois sous-catégories, selon le niveau de leurs obligations, qui peuvent être minimales, restreintes ou complètes. Ces distinctions doivent permettre une gradation plus équilibrée des obligations et un rapprochement entre les FST et les FSCD de taille et d'importance économique comparables. Un FSCD ayant des obligations complètes doit réaliser au moins cent millions de francs de chiffre d'affaires et/ou avoir plus d'un million d'utilisateurs. Nouveaux types de renseignements - suppression des chiffrements

Trois types de renseignements et deux types de surveillance sont par ailleurs créés à la faveur de cette révision. L'objectif est d'une part de standardiser certains renseignements et surveillances rétroactives servant à l'identification d'utilisateurs et qui étaient jusqu'ici traités comme des cas spéciaux et, d'autre part, de créer la possibilité de ne surveiller qu'une partie des données de contenus lors de surveillances en temps réel.

Un nouveau type de renseignements permet la constitution d'intersections des résultats de l'identification des utilisateurs de deux connexions internet ou davantage. Les autres concernent la livraison d'indications sur le dernier accès à un service de courrier électronique ou à un autre service de télécommunication ou service de communication dérivé.

Un nouveau type de surveillance a pour objet la surveillance en temps réel de données secondaires et du contenu tronqué de services d'accès au réseau, tandis qu'un autre est prévu pour la surveillance rétroactive aux fins de l'identification des utilisateurs de connexions à l'internet.

L'OSCPT précise par ailleurs l'obligation légale pour les fournisseurs de supprimer les chiffrements qu'ils ont opérés. Cette obligation concerne tous les fournisseurs (FST et FSCD) ayant des obligations restreintes ou complètes. Les chiffrements de bout en bout - par exemple dans les services de messagerie - ne sont explicitement pas concernés.

Certaines dispositions de l'ordonnance du DFJP sur la mise en œuvre de la surveillance de la correspondance par poste et télécommunication (OME-SCPT) doivent également être modifiées. Les délais de traitement doivent ainsi être adaptés pour prendre en compte les nouveaux types de renseignements dans l'OSCPT. Pour le reste, les modifications sont d'ordre rédactionnel.

La consultation dure jusqu'au 6 mai 2025.

14
A clean Android setup with the best apps (mostly open source) (alternativeto.net)
 

I tried to make a list on AlternativeTo that has all the apps you ever needs. I tried to avoid services and stick with apps, however there is a few services like Cloud-sync Notes, Password manager, E-mail aliases and a few others. I tried to stick with Free (as in free beer) Apps and when there is great options Free (as in Freedom) and open source.

Do you have any recommandations so I can improve that list without bloating it too much ?

9
Some apps downloaded from AuroraStore are asking me to link my Google account on my device which I don't want (lemmy.ml)
 

I don't use Google account on most of my devices. I have an older phone on LineageOS 22.1 that I use mainly to test apps. It has GApps installed but I never sign in. I have faced a couple apps that on startup are launching the PlayStore app and ask me to sign in, I guess for "security". Is there a way to bypass that ? I don't want to link my Google profile and would love to use this app offline like I should.

Is this something that could be done with LuckyPatcher ? Is there easier methods ?

20
Audio stuttering on many Proton games ChimeraOS that had no issue before. (lemmy.ml)
 

I have been using ChimeraOS on my living room PC and it has worked well most of the time without issues. Recently I had audio stuttering on a new game and fixed it by using an older Proton build. But then I started a game that I have played many hours on this machine without any issue and suddenly had audio stuttering again on this title that previously had no audio issue with. Then I realized it is a problem with most of my library... This is really annoying for some title.

Anyone experienced something similar recently ? I have updated ChimeraOS twice since and updated the Proton Experimental build etc... Don't know if it is related to Proton, to a driver, to Chimera... How could I debug this ?

12
I've updated my list of open source Android apps with great UI ! (alternativeto.net)
23
Is there a way to speed up the process of importing non-steam games to Steam with artwork, proper name, etc... (lemmy.ml)
 

Pretty much the title. I installed my GOG games through Lutris and wanted to rapidly import them to Steam. Same for emulated ROM. Do you have advices ?

13
Is there any other reddit client forking for lemmy ? (lemmy.ml)
 

Would like to see open source client such as Infinity, Stealth, RedReader, etc... going to lemmy.

The best case scenario would be all reddit client including Apollo, Boost, etc... supporting the transition to lemmy but this is quite unlikely unfortunately...

-1
Make SimpleMobileTools considering XMR for donations ! (github.com)
 

SimpleMobileTools are making simple yet great open source android apps. No ads, no trackers, cheap price or even free. I personnaly love Simple Gallery Pro and have a lot of respect for the devs, I would like to donate since they accept cryptos... unfortunately only BTC, ETH and LTC. Let them heard of the benefits of Monero so I (and maybe you) could donate to them for their work !

0
What's the best way for a commerce to accept XMR but getting paid in fiat currency ? (lemmy.ml)
 

I recently discover NowPayments which looks like a cool services but does not suit well with a Monero mindset. I understand that it will have some compromises for using a service like that no matter how serious the ones running it are. I was just wondering if their was a simple way for a commerce to be paid in euro/dollar or whatever currency is prefered and that the customer uses XMR without comprimising any information on his/her side.

9
I have made a list of open source Android apps that have beautiful modern design (alternativeto.net)
 

Often people tend to say due to the lack of funding open source apps have bad UI and also sometimes terrible UX. While it’s not entierly false I’ve found myself some beautifuly designed apps and wanted to share them here.

view more: next ›