velox_vulnus, 6 months ago (edited 6 months ago) to fdroid in Integrating f-droid to lemmy

This should explain why.

russjr08, 7 months ago to linux in Project Bluefin: A Linux Desktop for Serious Developers

out of the box isn’t enough for a new distro.

I’m a bit surprised that they mentioned “distribution” on the Bluefin website, as the Universal Blue site (the base project behind Bluefin) explicitly mentions not being a distro - and I know that Jorge tends to be very clear that they’re not building a distro:

This isn’t a distribution, you can always rebase back to Fedora without reinstalling. This is a unique relationship between upstream and downstream that is popular in cloud, but still new to the Linux desktop. “Custom images” seems to be a decent place to start since that’s what people call them in cloud.

Spectacle8011, 7 months ago to linux in GitHub - SerenityOS/serenity: The Serenity Operating System 🐞

Here’s why.

Because I like the 2-clause BSD license. I am not a fan of “copyleft” or forcing obligations on people in general. I want my software to be available for anyone who wants to use it.

SNFi, 7 months ago to asklemmy in Are there any good/interesting launchers for Android by Linux desktop standards?

I have been using this launcher for years: kisslauncher.com

At first, I disliked, but now I got used because it’s very fast and simple… I don’t think this is what you are looking (customizations) but just wanted to show this.

More info:
kisslauncher.com/#why
github.com/Neamar/KISS

moritz, 9 months ago to opensource in Where would you host your code if you prefer non-for-profit communities with FLOSS commitment?

It’s running Forgejo.

Skyline, 11 months ago to privacy in Apple already shipped attestation on the web, and we barely noticed

The author does a pretty good job of explaining the potential problems this technology could cause. Scroll down to https://httptoolkit.com/blog/apple-private-access-tokens-attestation/#why-is-attestation-bad-generally.

kenblu24, 11 months ago (edited 11 months ago) to privacy in Apple already shipped attestation on the web, and we barely noticed

You know captchas? They’re there because bot activity can be really hard to moderate. So those are there to test if there’s an actual human talking to the website: They try to give a test that only a human can do. The problem is, now that machine learning models can actually do some of those things, like read handwritten words and identify cars vs bikes, we need a new test that only humans can pass. Also, these captchas are annoying to users, and if you’re a website that runs off of clicks and ads, a captcha might piss off a user and they leave, and you get to show fewer ads.

So, the people running a website have a need to stave off bot traffic, but also not piss off real, legitimate human traffic. One solution is “attestation”, which basically means getting someone else to attest, or plead on your behalf, that you are running on an unmodified device. In a perfect world, Apple would like their phones to be so incredibly locked down that you can only do things that they allow. One of those things would be using an iPhone to do bot stuff. So, since Apple controls what software runs on your iPhone, they can (in theory) prevent you from running bot software. This means that iPhone users would be (in theory) guaranteed safe human traffic. But if you’re a website owner, how do you know that the request is actually coming from an iPhone? Simple. Request the device ID from the iPhone, and ask a question that only an iPhone would know the answer to. This is essentially what web attestation is. From the article: “a way that web servers can demand your device prove it is a sufficiently ‘legitimate’ device before browsing the web” and “your treatment on the web depends on whether Apple says your device, OS & browser configuration are legitimate & acceptable.”

This has significant implications for the openness of the device you use, as well as the control that you as a user have over how you use the web. The primary example would be adblockers. Apple and Google get to say whether you’re human or not, so if you have an adblocker, Google can just say “no, I won’t attest that this user is human” and you’ll get treated differently. It’s not difficult to imagine a world in which Youtube would just refuse to serve users who aren’t 100% trustworthy, given their recent adblocker experiment. And this is the case for every link in the chain, from the device, to the OS, to the browser (and other stuff you might have on your system), and browser extensions. There are concerns that this will hurt competition in all of these spaces. Built your own computer? Well now you might be considered non-legitimate. Developed your own browser? Haha, definitely can’t get attested.

tl;dr: Instead of captchas, ask the device if it’s real and unmodified. See above for why this is bad.

Also see #why-is-attestation-bad-generally from the article. In summary, be especially concerned if you:

• Use an adblocker or extensions that Google or Apple might not like
• Built, repaired, or modified your computer/laptop/phone/smart fridge
• Use an older, less-supported computer/laptop/phone, or one from a smaller brand/manufacturer
• Like open-source software
• Like competition & free market for the hardware/software of computers and phones and browsers
• Don’t like the monopoly of Chrome
• Don’t like Cloudflare or similar services

Worth noting that if all this comes to pass, these people aren’t stupid. They will toe the line to make sure not too many people are pissed off. But if you are pissed off, better make noise now, as they almost certainly won’t change their minds later.