JoeyJoeJoeJr

JoeyJoeJoeJr, 6 months ago

If you like note taking software: youtu.be/XRpHIa-2XCE

JoeyJoeJoeJr, 7 months ago

Yeah, gadgetbtidge was my first thought as well. I’ve never used it, but in theory it would allow you to control devices without the proprietary app. See the link below for supported devices:

gadgetbridge.org

JoeyJoeJoeJr, 8 months ago

According to the license, it is better than source available. You can modify and redistribute, you just can’t sell it. Other than that caveat, as far as I can tell, your rights are basically the same as with other open source licenses. (Feel free to correct me if I’ve missed something.)

JoeyJoeJoeJr, 8 months ago

Is there a particular aspect of the FUTO license you are concerned with? The code is publicly available, and the license seems to allow you to do anything you want, except sell the code. Other than not allowing you to re-package and sell the code, it seems like your rights are very similar to anything distributed via the GPL.

Am I missing something?

JoeyJoeJoeJr, 7 months ago

As a user, or a developer? As a user, I don’t think it matters. As a developer, I think other licenses have similar carve outs, e.g. the GPLv3 section 8 is a whole section on “termination” - the copyright holder can revoke your rights for any ticky-tack violation of the license, and at their discretion, the revocation can be permanent.

Additionally, even with other FOSS licenses, the copyright holder can re-license the project. If I had to guess, this ability to re-license is probably why it is written as it is - the license is called the “FUTO Temporary License.” I would assume it’s written as is so they can re-license later, and they just want to cover their bases now. It’s entirely possible that’s incorrect, and they’ll clamp down. I’m personally willing to give them the benefit of the doubt (though having said that, I have no intention of buying, using, or contributing to this project).

JoeyJoeJoeJr, 7 months ago (edited 7 months ago)

repackaging is a fundamental software freedom

Re-packaging is fine. You just can’t sell it.

They’re just trying to prevent a company from making money off the free labor of the authors. It’s the same issue that has plagued other projects, such as Elastic Search, which ultimately led it to change licenses. And it’s why MariaDB created the BSL, which they and other companies have adopted (very similar terms here - source free to use for non-commercial purposes).

If the hangup is specifically that they can change the terms, or revoke rights altogether, the other licenses also allow for that - that’s how these projects are changing licenses at all, and it happens quite a bit. I have personally contributed to projects that were GPL, and then went Apache.

As a developer, I could certainly see not wanting to build on the project while the license is what it is, but as a user, I don’t think this license is bad. I also think this is likely temporary (hence the name - “FUTO Temporary License”), and the tight grip on the rights are probably just so they can re-license later (hopefully to something a little more permissive). I could definitely be wrong, but given Louis’s track record of fighting for things like right-to-repair, I’d give him the benefit of the doubt here. He could certainly prove me wrong though, if they do anything shady. Feel free to rub it in my face if he ever does.

Edit:

Just for proof, here’s the specific line that says you can re-package and redistribute, from section 2, line 2:

2. You may provide the code to anyone else and publish excerpts of it for the purposes of review, compilation and non-commercial distribution, provided that when you do so you make any recipient of the code aware of the terms of this license, they must agree to be bound by the terms of this license and you must attribute the code to the provider.

JoeyJoeJoeJr, 7 months ago

A user that doesn’t care about licensing is typically called a pirate.

The license literally does not govern the usage of the app. Here’s the first line:

This license grants you the rights, and only the rights, set out below in respect of the source code provided.

Read the entire license (it’s only 32 lines), and you won’t find anything related to using the product, only the code.

This license should only be scary to developers, who might build on the project, and then have it taken away. As a user, your concerns are different, and this license vs the GPL, or any other FOSS, or even source available license, are more-or-less the same. As a user, your primary concerns are probably going to be related to the security and privacy related aspects, and as long as you have access to the source, you can audit it and ensure it meets your standards. If they choose to revoke access to the code, as a user, you’re in the same boat you described - don’t take new versions because you can’t audit them, but you can stay on the old version. They can’t revoke that access with this license, because again, this license literally does not govern usage of the product.

JoeyJoeJoeJr, 7 months ago

This is not true. The GPL does not force anyone to give up their code, unless they distribute it. From the “Definitions” section:

A “covered work” means either the unmodified Program or a work based on the Program.

And

To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.

And from the “Basic Permissions” section:

You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.

Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary.

Under the terms of the GPL, the owner can revoke your access for any violation of the license, and at their discretion, they can make that revocation permanent. The GPL does not guarantee equal treatment - an author can punish one person harshly, and another not at all. It still comes down to the author. Yes, there is a small barrier in that you have to find a violation, but if you look hard enough, you can probably find a violation - especially in large projects using libraries distributed under multiple different licenses.

the FUTO license can revoke the license just because Rossmann says so. It is a mechanism to keep Rossmann the owner of everything that spawns from the code of the app and being the only one who can make money from it. If Rossmann doesn’t like someone who wants to redistributes the app, he can immediately revoke their license.

Quoting from my comment here:

They’re just trying to prevent a company from making money off the free labor of the authors. It’s the same issue that has plagued other projects, such as Elastic Search, which ultimately led it to change licenses. And it’s why MariaDB created the BSL, which they and other companies have adopted (very similar terms here - source free to use for non-commercial purposes).

If the hangup is specifically that they can change the terms, or revoke rights altogether, the other licenses also allow for that - that’s how these projects are changing licenses at all, and it happens quite a bit. I have personally contributed to projects that were GPL, and then went Apache.

only one who can make money from it

This is not true. You can make and sell plugins, you could offer support, you could sell your services as a code auditor/security expert… anything other than selling the code you didn’t write. On top of that, in practice, this isn’t different from anything else - most contributors to open source projects don’t profit from them, unless they work for the organization that owns the project. When the non-owners do profit, it’s usually big companies and results in the license changes I’ve described above.

JoeyJoeJoeJr, 8 months ago

If you’re ok with Jitsi, and you already use Brave, note that Jitsi is baked in. See brave.com/talk/ and check the “Who provides the Brave Talk service?” question:

The Brave Talk service is provided in partnership with 8x8. And the service is built on the open-source Jitsi platform.

(Note that 8x8 owns Jitsi)

See also the “How are my calls with Brave Talk encrypted?” question:

To start, all video and audio data transferred through Brave Talk is encrypted via transport layer encryption. This is similar to how many websites use HTTPS to ensure your traffic can’t be captured on public networks (e.g. coffee shop WiFi).

The video and audio from your call are transmitted to other participants with the help of a Video Bridge server that’s run by Brave’s partner, 8x8. When you enable Video Bridge Encryption in Security Options, your browser exchanges keys with other call participants, and these keys are used to encrypt the video and audio streams. Only people with keys can see your calls. Assuming honest but curious behavior, neither Brave nor its partner, 8x8, have this key by default.

However, there are some important limits to Video Bridge Encryption. If you want to include a phone participant in your call, have more than 20 participants, or want to include users with incompatible browsers (Safari, most iOS browsers, and browsers based on Chromium version 83 or below), this encryption setting will not work. If you record a call, 8x8’s servers will receive a set of keys to decrypt the video/audio stream in order to process and store that recording. Brave will continue to improve Brave Talk’s encryption properties and work to remove some of these limitations.

Read a more detailed description of Jitsi encryption (the open source basis for Brave Talk).

JoeyJoeJoeJr, 8 months ago

When you install, whatever you install, partition your drive so that /home is it’s own partition. Then if/when you reinstall, distrohop, whatever, you don’t have to worry about copying over your data. Just use the same /home partition, and format the others. You can actually use this to try multiple distros at the same time - you can install them in different partitions, but have every install use the same /home partition. This is a nice way to test new distros without blowing away your stable install.

Now, for my distro recommendation - Ubuntu gets a lot of hate, but honestly, after 15+ years of Linux, and having tried Mint, Fedora, Arch, Manjaro, and many others, I always end up back on Ubuntu. It’s easy, it’s stable, and it stays out of my way.

The defaults are good, but you can customize as much as you want, and they offer a minimal install (as of 23.10, it is the default) which comes with very few applications, so you can start clean and choose all the applications you want.

Unless you are excited to tinker, I’d really recommend starting simple. Personality, I just want the OS to facilitate my other activities, and I otherwise want to forget about it. Ubuntu is pretty good for that.

JoeyJoeJoeJr, 8 months ago

You mean with config files stored in your home directory? Or something else?

JoeyJoeJoeJr, 8 months ago

It’s possible to hit issues, especially if different distros are using different major versions of desktop environments or applications, but in practice, I don’t think it’s something that really needs to be worried about.

If you were to upgrade/fresh install, and copy your home folder over, you’d have the same experience - it’s not much safer than sharing the home partition, except that you’re (hopefully) doing that less. You could still easily go from distro A using version 2 of something, to distro B using version 3, and then decide you don’t like it and try to roll back to distro A. If in the process your config was upgraded in place (as opposed to a new, versioned config being made*), you could have problems rolling back.

With configs, you can usually just delete them (or, less destructively, rename them, in case you decide you want them back), and let the application make a new default one for you. With other files (e.g. databases), you might be in more trouble. But a good application will tell you before doing an upgrade like that, and give you a chance to backup the original before upgrading in place. When asked, it’s probably a good idea to take a backup (and not just for this distro hoping case).

*For any developers reading this, this is the correct way to upgrade a config. Don’t be destructive. Don’t upgrade in place. Make a copy, upgrade the copy, and include a version in the file name. You can always tell the user, so they can remove the file if they want, but let them make the choice. If you can’t (e.g. the database scenario, which could be large), tell the user before doing anything, so they can choose whether or not to backup.

JoeyJoeJoeJr, 8 months ago

It looks like a few people are recommending this, so just a quick note in case people are unaware:

If you want to avoid being tracked, this is not a good solution. Searxng is a meta search engine, meaning it is effectively a proxy: you search on Searxng, it searches multiple sites and sends all the results back to you. If you use a public instance, you may be protected from the actual search engine*, because many people will use the same instance, and your queries will be mixed in with all of them. If you self host, however, all the searches will be your own - there is then no difference between using Searxng and just going to the site yourself.

*The caveat with using the public instances is while you may be protected from the upstream engine, you have to trust the admins - nothing stops them from tracking you themselves (or passing your data on).

Despite the claims in their docs, I would not consider this a privacy tool. If you are just looking for a good search engine, this may work, and it gives you flexibility and power to tune it yourself. But it’s probably not going to do anything good for your privacy, above and beyond what you can get from other meta search engines like Startpage and DuckDuckGo, or other “private” search engines like Brave.

JoeyJoeJoeJr, 8 months ago

I noted in another comment that SearXNG can’t do anything about the trackers that your browser can’t do, and solving this at the browser level is a much better solution, because it protects you everywhere, rather than just on the search engine.

Routing over Tor is similar. Yes, you can route the search from your SearXNG instance to Google (or whatever upstream engine) over Tor, and hide your identity from Google. But then you click a link, and your IP connects to the IP of whatever site the results link to, and your ISP sees that. Knowing where you land can tell your ISP a lot about what you searched for. And the site you connected to knows your IP, so they get even more information - they know every action you took on the site, and everything you viewed. If you want to protect all of that, you should just use Tor on your computer, and protect every connection.

This is the same argument for using Signal vs WhatsApp - yes, in WhatsApp the conversation may be E2E encrypted, but the metadata about who you’re chatting with, for how long, etc is all still very valuable to Meta.

To reiterate/clarify what I’ve said elsewhere, I’m not making the case that people shouldn’t use SearXNG at all, only that their privacy claims are overstated, and if your goal is privacy, all the levels of security you would apply to SearXNG should be applied at your device level: Use a browser/extension to block trackers, use Tor to protect all your traffic, etc.

JoeyJoeJoeJr, 8 months ago

Can you describe your use case more?

I don’t think format matters - if you’ve got multiple processes writing simultaneously, you’ll have a potential for corruption. What you want is a lock file. Basically, you just create a separate file called something like my process.lock. When a process wants to write to the other file, you check if the lock file exists - if yes, wait until it doesn’t; if no, create it. In the lock file, store just the process id of the file that has the lock, so you can also add logic to check if the process exists (if it doesn’t, it probably died - you may have to check the file you’re writing to for corruption/recover). When done writing, delete the file to release the lock.

See en.wikipedia.org/wiki/File_locking, and specifically the section on lock files.

This is a common enough pattern there are probably libraries to handle a lot of the logic for you, though it’s also simple enough to handle yourself.

JoeyJoeJoeJr, 8 months ago

You can actually sign the F-Droid app yourself, if you use reproducible builds.

There’s reasonable odds the signatures still won’t match though, because Google requires App Bundles now, and then they build and sign the APK, rather than allowing the developer to build and sign their own APK.

Technically you can use the same key (see “Best Practices” of this page), but it’s kind of shady, and requires giving your private key to Google.

JoeyJoeJoeJr, 8 months ago

It’s actually less about the library being obscure, and more about version conflicts, which is actually more a problem with common libraries.

For example, let’s say you want to install applications A, B, and C, and they each depend on library L. If A depends on Lv1, and B depends on Lv2, and C depends on Lv3, with traditional package management, you’re in a predicament. You can only have one copy of L, and the versions of L may not be compatible.

Solutions like snap, flatpak, appimage, and even things like Docker and other containerization techniques, get around this issue by having applications ship the specific version of the library they need. You end up with more copies of the library, but every application has exactly the version it needs/the developer tested with.

JoeyJoeJoeJr, 8 months ago

It’s worth noting you can bypass the repo, and install snaps that you downloaded from some other source - see askubuntu.com/…/how-can-i-install-a-snap-package-….

That doesn’t give you a separate “repo,” but it does allow you to install snaps from anywhere.

JoeyJoeJoeJr, 8 months ago

The age and obscurity of the library is irrelevant - you could always include libraries bundled with the app, if they didn’t exist in system repos. For example, in deb packages, you could include it in the data.tar portion of the package (see en.m.wikipedia.org/wiki/Deb_(file_format)).

Libraries with version names baked in are one solution to the dependency hell problem, but that requires support from the language/framework/tooling to build the application, and/or the OS (or things get hacky and messy quickly).

If you read that dependency hell page, you’ll see another solution is portable apps, which specifically mentions Appimage, Flatpak, and Snap.

Additionally, if you read the Debian docs on How to Cope with Conflicting Requirements, the first solution they give is to “Install such programs using corresponding sandboxed upstream binary packages,” such as “Flatpak, Snap, or AppImage packages.”

Bin the consumer environment? It is nice and good practice but it is nowhere near as important as it used to be.

This is incorrect. The target audience for Flatpak is desktop users: docs.flatpak.org/en/latest/introduction.html#targ…. Flatpaks are explicitly for consumer, graphical applications.

JoeyJoeJoeJr, 8 months ago

This isn’t necessarily true - a developer choosing to not include their app in a repo can always opt for a self-updating mechanism.

Don’t get me wrong - repos and tooling to manage all of your apps at once are preferred. But if a developer or user wants to avoid the Canonical controlled repo, I’m just pointing out there are technically ways to do that.

If you’d question why someone would use snap at all at that point… that would be a good question. The point is just that they can, if they want to.

JoeyJoeJoeJr, 9 months ago

I have no personal experience with this company, but I’ve followed them for a few years. I was initially very interested in their laptops, but was also very excited when the phone was announced. In the years since the phone was announced, I’ve heard and read many negative things about build quality and software on their laptops, and I’ve seen the shipment of the phones get repeatedly delayed. More recently, youtu.be/wKegmu0V75s showed up in my feed. I would recommend anyone considering purchasing from them watch that video, and do a little research into their security/openess claims, as well as customer satisfaction.

Again, I don’t have the personal experience to say they are bad in anyway, but I don’t want to see anyone get scammed, so I would recommend healthy skepticism and due diligence before making a purchase.

JoeyJoeJoeJr, 9 months ago

If they do not have cell service, they won’t be able to set up Signal, or any other service that requires a phone number (they won’t be able to receive the text message that verifies they own the number).

JoeyJoeJoeJr, 9 months ago

The community forked the core a while back: github.com/openVoiceOS/

See also neon.ai, which builds on top of OVOS, and is who the Mycroft company officially passed the reigns to.

JoeyJoeJoeJr, 9 months ago

Since most phones (if not all), use an encrypted filesystem. With such, no service can’t start if the device isn’t initially unlocked after reboot, including Find my device.

Android developers can specify that their apps need to run before the pin is entered, via direct boot mode. This is how alarms still work, even if your phone takes an upgrade overnight, and restarts automatically as part of that process.

I can’t say whether Google’s Find My Device currently does this, but there is no technical reason it can’t.

JoeyJoeJoeJr, 10 months ago

Worth noting, they support reproducible builds, which allows developers to sign with their own key:

f-droid.org/docs/Reproducible_Builds/

I would definitely recommend going this route if you’re starting with a new app. Having the binary on GitHub (or wherever you’d otherwise publish) match exactly the binary on F-Droid is really good for assuring people nothing in your repo was tampered with during the build process (i.e. that the binary was built from the public code, and nothing else).

It should not take extra work to do this. The project generated by Android Studio should already be reproducible. As long as you don’t change the build setup and break reproducibility yourself, it’ll “just work.” When you submit to F-Droid, just be sure to let them know you want to go the reproducible route (if you make the PR yourself, it’s a flag in the YAML file).

JoeyJoeJoeJr, 10 months ago (edited 10 months ago)

I went through this process for the first time recently. I opened the RFP issue, and got a response from Izzy very quickly. They were very helpful and responsive through the whole process. I was nervous it would be a slow tedious process when I started, but it turned out to be pretty quick and easy, largely thanks to Izzy’s help.

JoeyJoeJoeJr, 10 months ago

It’s not exactly what you’re looking for, and won’t be as seamless, but you might be able to leverage scrcpy.

It uses adb (you may need a fullfat distro for this - lineage may not support it), and allows you to view and control your Android device from a computer. It can also handle audio, and can be used wirelessly. The one caveat is protected content will probably not show up in the mirror - e.g. if you cast your screen and try to stream Netflix, it will likely be unable to send the Netflix video over. The last time I tested, it depended on the specific app, and which APIs they used under the hood (at the time, YouTube worked, Netflix did not).

JoeyJoeJoeJr, 10 months ago

You might be referring to this? That’s what I found from a quick search, at least.

If I understand correctly, this is a little different - from what I recall reading a few years ago, the speculation was that Netflix (and similar apps) rendered the content directly, bypassing the normal rendering stack. It would be the equivalent of, on a Linux system, bypassing the compositor (e.g. Mutter or KWin), and directly rendering the content (I believe SurfaceFlinger is the Android compositor). This means that when something like scrcpy uses the competitor API to capture the content, the content is literally not there, because it bypassed that system altogether.

By contrast, the secure flag just allows app developers to ask the OS to disallow screenshots, to prevent data leakage (e.g. of your banking details). It’s all rendered in the standard way, though.

This may not be accurate - it’s based on assumptions, and forum posts I read years ago, but it’s the best explanation I have right now. If anyone knows better, please feel free to correct me.

JoeyJoeJoeJr, 10 months ago

This is approximately what I do as well, and would highly recommend. The one caveat I would add is while you are researching things you might want to do, take note of the subset of things you most want to do, and make sure you know what days/times they are open, if you need to book in advance, etc. I am very against having a hard schedule, but I also don’t want to travel somewhere only to miss the one thing I was really looking forward to because I decided “I’ll do that tomorrow,” only to find out it was closed the next day.

An additional pro-tip: Make your first list of things you might want to do ahead of time, and name it after the place you are going, e.g. “New York.” Then while you’re traveling, make a second list of “favorites”, e.g. “New York Favorites.” Keep track of all the restaurants, activities, view points, etc that you enjoyed using that second list. Then whenever someone asks for recommendations for a particular location, you can just send them your favorites list.

JoeyJoeJoeJr, 10 months ago

That sounds like a threading issue. If the app tries to run a task on its main thread, and that task takes a long time (in particular, longer than expected), it could cause the UI to lock up.

Do mouse interactions still work? Does anything on the UI update at all? If not, I’d bet on a task getting stuck on the main thread.

Note that this doesn’t have to be an intense task - you may not see a CPU/network/disk spike. It could be a deadlock scenario, where multiple threads are waiting for the same resources, and each locks some, but not all of the resources. None can move forward, no work is done, everything just hangs waiting for resources locked by other threads.

JoeyJoeJoeJr, 10 months ago

Hmm, strange. The last comment from Dan (second to last comment on the thread) makes it sound like their is another thread, and other users with the same problem:

Whew, I found the other thread and am happy to see that others are encountering this too, and it’s not some super duper weird thing with just my computer…

I tried searching a bit to see if I could find it quickly, but didn’t turn anything up. Maybe if you comment there, though, they could link you to the other thread, and they might have more info.

JoeyJoeJoeJr, 10 months ago

I’m on a laptop with hybrid Nvidia/Intel graphics, and Wayland has been working fine for me. I typically run in “on-demand” mode, but I’ve used both strictly Intel and strictly Nvidia modes as well, and it’s been fine.

I think the only real issue I’ve had is that Splitgate refuses to launch in Wayland, so I switch to X if I want to play - general computing works fine, native apps have had no issues, and all the other games I’ve played have launched without issue.

The Nvidia GPU is a 1650 TI, and I’m on the Nvidia 535 driver.

JoeyJoeJoeJr, 10 months ago

They do care. They’re trying to find a way to stop it. That’s the point of the article. It’s the first sentence:

The Danish government will seek to “find a legal tool” that would enable authorities to prevent the burning of copies of the Koran in front of other countries’ embassies in Denmark, Foreign Minister Lars Lokke Rasmussen told the national broadcaster DR on Sunday.

JoeyJoeJoeJr, 11 months ago

I did a site:reddit.com search using my username and found ~50 comments that Reddit has undeleted but also hide from my own account. I could still edit and delete them.

Perhaps you should re-read the post, and/or the comments here. The posts referenced are still live on Reddit, hence they can still be edited - OP is not talking about a cached view from the search engine.

JoeyJoeJoeJr, 11 months ago

This is probably going to make me sound like a curmudgeon, but:

While most of us are used to this system and its quirks, that doesn’t mean it’s without problems. This is especially apparent when you do user research with people who are new to computing…

I don’t understand this thinking (1), and worse, the workflow described seems like it will just make things more confusing (2).

(1) Most tools humans have developed are not especially intuitive - you usually need someone to teach you at least the basics, and then you need to practice. Consider a driving a car, operating a sewing machine, a microwave… Even something “simple” like a hammer has features that need to be explained (“turn it around, and you can use the claw on the back to remove nails”).

(2) This seems like it just introduces more inconsistency. Right now, a new window opens on top, and you move it and size it however you need. This works for all windows. With the model described, windows sometimes float next to each other (but the arrangement is random), some times tile, and other times will open on a new workspace. And the tiling features get even more confusing - dragging one window over another causes them to tile, but what if I actually just want them to overlap?

I feel like this is just going to annoy anyone used to the current system and still require a learning curve for anyone new to computing.

I’ve used gnome 2 and 3, Unity, KDE 3, 4, and 5, and am on gnome 44 now - I actually think the current world is pretty good. I’d much rather see quarter tiling and gesture customization than a whole new window management paradigm.

JoeyJoeJoeJr, 11 months ago

If you’d like them out of Google, but still on your phone:

You can use Google takeout to download all of your photos. Then delete them from Google, and copy the images you downloaded back to your phone manually. Finally, use a gallery app that can access files stored anywhere on the file system to view them (Simple Gallery seems to work pretty well - it should automatically find the images regardless of which folder you stick them in).

JoeyJoeJoeJr, 11 months ago

I would imagine the source for most projects is hosted on GitHub, or similar platforms? Perhaps you could consider forks, stars, and followers as “votes” and sort each sub category based on the votes. I would imagine that would be scriptable - the script could be included in the awesome list repo, and run periodically. It would be kind of interesting to tag “releases” and see how the sort order changes over time. If you wanted to get fancy, the sorting could probably happen as part of a CI task.

If workable, the obvious benefit is you don’t have to exclude anything for subjective reasons, but it’s easier for readers of the list to quickly find the “most used” options.

Just an idea off the top of my head. You may have already thought about it, and/or it may be full of holes.

JoeyJoeJoeJr, 11 months ago

it has its flaws.

Yep yep. I was aware of some of what you pointed out - I think this might be a “perfect is the enemy of good” scenario, though. GitHub alone accounts for over 84% (based on the awesome-selfhosted-data repo):

<pre style="background-color:#ffffff;">
<span style="color:#323232;">$ grep -r 'source_code_url' | cut -d ' ' -f 2 | cut -d '/' -f 3 | sort | uniq -c | sort -rn | head -n 15
</span><span style="color:#323232;">   1068 github.com
</span><span style="color:#323232;">     36 gitlab.com
</span><span style="color:#323232;">      7 git.mills.io
</span><span style="color:#323232;">      6 sourceforge.net
</span><span style="color:#323232;">      6 framagit.org
</span><span style="color:#323232;">      4 www.atlassian.com
</span><span style="color:#323232;">      4 codeberg.org
</span><span style="color:#323232;">      3 git.drupalcode.org
</span><span style="color:#323232;">      3 git.cloudron.io
</span><span style="color:#323232;">      2 repos.goffi.org
</span><span style="color:#323232;">      2 git.tt-rss.org
</span><span style="color:#323232;">      2 git.sr.ht
</span><span style="color:#323232;">      2 cvsweb.openbsd.org
</span><span style="color:#323232;">      1 yetishare.com
</span><span style="color:#323232;">      1 www.wiz.cn
</span><span style="color:#323232;">
</span><span style="color:#323232;">$ python -c "print($(grep -r 'source_code_url' . | grep github.com | wc -l) / $(ls -1 | wc -l))"
</span><span style="color:#323232;">0.8422712933753943
</span>

Adding in gitlab gets you to 87%:

$ python -c “print($(grep -r ‘source_code_url’ . | grep -i -e github.com -e gitlab.com | wc -l) / $(ls -1 | wc -l))” 0.8706624605678234

Also popularity != quality.

True, but a thriving community generally means more resources, guides, etc, which can be important, especially for self-hosted solutions.

In any case, the project is great, and much appreciated. Additionally, the enriched html version looks fantastic, and exposes most of the metadata* I’d want to see, regardless of how it’s sorted.

*One other item to track, that I thought about after making my previous comment - number of contributors. It gives an additional data point on the size of the community, as well as an idea of how many people can be hit by busses before the continued development of the project gets called into question.

JoeyJoeJoeJr, 11 months ago

See youtu.be/GCVJsz7EODA and youtu.be/V82lHNsSPww

There are a few problems, but I believe the biggest issue is that .zip and .mov are valid and common file extensions, and it’s common for people to write something like ‘example dot zip’ or ‘attachment dot mov’ in emails, tweets, etc. Things like email clients have features where they automatically convert text that looks like a web address into clickable links. So now, retroactively, all those emails etc suddenly have a link, where they used to just have text, and the domains that are equivalent to those previously benign file names are being purchased by nefarious actors to exploit people unaware of the issue.

JoeyJoeJoeJr, 11 months ago

At 1:30 in that second video, he shows that YouTube already converts dot zip domains, even in old comments that predate the domain’s existence. At 3:19, he shows/mentions Twitter, Reddit, Facebook, and LinkedIn. I would consider those major platforms. And keep in mind, it only takes one person downloading one file to cause major damage - the LMG hack was due to someone downloading and trying to open a fake PDF that was sent via email: youtu.be/yGXaAWbzl5A.

So yes, not everything does or will auto convert the links, but I think you are underestimating the potential for issues here.

JoeyJoeJoeJr, 11 months ago

I had to use vi for work (only editor installed on the servers), and it snowballed and now I can barely type in anything that doesn’t have vim bindings.

The first few days were pretty rough, but I learned the absolute minimal basics, and then just organically learned features as I needed them/whenever I felt like what I was doing was tedious, and there had to be a better way. It’s been about 10 years, and I’m still learning!

One small suggestion, check YouTube for videos of people showing off vim features, e.g. youtu.be/5r6yzFEXajQ. You won’t remember everything from one watch, but it’ll help you see what is possible/how powerful vim is, which can guide your “this is so painful how do I make this better” searches down the line.

JoeyJoeJoeJr, 11 months ago

I switched to Liftoff because is this.

JoeyJoeJoeJr, 11 months ago

I like pass, It’s just a wrapper around standard tools - gpg encrypted files in a directory, with git for version control. You can organize the subfolders however you’d like, and store whatever you want in them. You can sync the files across systems however you’d like - copy/paste, rsync, network drive… You can even go as far as to install a git server, e.g. gitlab, and clone, push, and pull into password synchronization bliss.

JoeyJoeJoeJr, 11 months ago

What are you trying to use it for? If you just need basic mapping, you might look at Organic Maps.

JoeyJoeJoeJr, 11 months ago

FWIW, I have a galp5, and had a lot of stability issues with Pop. I used it for well over a year, as I thought using their own OS on the machine they sold me would give the best results. Ultimately I spent a lot of time opening support tickets, and trying to work around issues (desktop stuttering, crashes, touchpad randomly would stop responding, etc). I did not find their support team particularly helpful. I finally installed stock Ubuntu, and it’s been significantly more stable.

I don’t plan to buy from them again. If I were buying now, I’d be looking at Framework (probably their upcoming, larger model with the dedicated GPU).