- 0 Posts
- 65 Comments
Conversely I stay clear of F-Droid as they build and sign packages on behalf of the original developers, adding yet another point of injection for malicious code or supply chain attacks.
I’m really surprised servers have not started by default limiting and/or vetting who can federate with them. I know many Lemmy instances block many other instances from federating with them, but only after learning about what a lot of their content is. To me this practice kinda creates a very fragmented “which wind would you like to piss into” problem.
not sure but I heard they recently caught the FGC-9 designer
EDIT found the story: https://news.sky.com/story/jacob-duygu-incel-who-mysteriously-died-unmasked-as-creator-of-worlds-most-popular-3d-printed-gun-12997178
Indeed… for example OTF (who is funded by US Congress) has provided funding for several large open source projects like Signal, Tor, F-Droid etc. and some have taken this to mean they might be compromised… but of course there’s no actual proof of that to my knowledge. And even in the linked article the author appears to use a bunch of half-truths and just straight up makes things up that don’t actually exist in the sources they say contain what he writes (example: OTF/Congress is not the CIA).
Personally I don’t have any suspicion or reason to believe they might be compromised, but if such proof ever did come around… I wouldn’t be surprised.
Friendly reminder that Signal on Android contains proprietary code (google play services), and the server software is rumored to be closed now and/or not what they are actually using due to a lack of updates for a prolonged period. Of course it’s just a rumor and I have no way to verify that, but thought it was worth mentioning (hope this doesn’t count as FUD).
Molly-FOSS seems to be the preferred mobile alternative client.
need boot capabilities in order to “exploit” this
only with broken Secure Boot implementations
already patched in EPYC microcode
a nothingburger released suspiciously a day after Intel breaks news of being sued by their own shareholders (https://www.techpowerup.com/325414/intel-faces-shareholder-lawsuit-amid-financial-turmoil-and-layoffs-company-misled-investors)
I don’t think the name is why it isn’t used so much. I think it’s because it’s un-intuitive and almost incomparable to non-destructive/parametric professional programs. You can’t even change text after applying a style… for many, things like this makes it practically useless for real work.
Someone already tried to fork GIMP in order to change the name (Glimpse)… it didn’t work and they gave up.
China leads the world in academic fraud.
A common scam is to attribute medical miracles to stem cells - Similar to the cloning scandal from Korea - Because they know other countries legally CAN’T test the findings to either prove or discredit. They do this to fleece foreign institutions out of money and prestige.
How does this compare to the Daylight device?
I disagree, there are many resources for making and distributing android reproducible builds, including third-party F-Droid repos like IzzyOnDroid mentioned in my previous link.
And to my knowledge there is no technical requirement that F-Droid actually needs to build OR sign packages on behalf of anyone… I haven’t seen any actual official rationale listed for it, but I assume one of the main reasons is convenience for the developers so they don’t have to provide their own builds and deal with signing/losing keys.
I understand that the risk of problems can be somewhat mitigated in F-Droid by using reproducible builds, but I don’t consider that sufficient for the most privacy-conscious users because:
reproducible builds are not required by F-Droid
it is not made clear to the user that a particular package even supports reproducible builds
the verification of reproducible builds is not made plainly visible somewhere publicly if at all
a user can still easily be misled by a one-off rogue package that is NOT reproducible, due to the previous point
independent verifications of those builds reliably made by others are not common