Post APO4dGLHfsXZzYaBc0 by inference@plr.inferencium.net
(DIR) More posts by inference@plr.inferencium.net
(DIR) Post #APNHLu5sFH2CJQT3q4 by jlhertel@fosstodon.org
2022-11-06T20:49:24Z
0 likes, 2 repeats
Are you running Android?Do you like open Source software?Well, then I highly suggest you to run #f-droid if you aren't already.All apps on the store are ad-free, open source and user respecting.There is really good stuff there, check it out.Official website: https://f-droid.orgAnd also they are on Mastodon: @fdroidorg
(DIR) Post #APO4dGLHfsXZzYaBc0 by inference@plr.inferencium.net
2022-11-08T07:49:57.408767Z
0 likes, 0 repeats
@jlhertel @fdroidorg I would if it didn't have terrible security practices, making it easy to backdoor the apps there:https://wonderfall.dev/fdroid-issues/F-Droid also ships 32-bit-only apps in 2022, when 64-bit was available from at least 2016 in Android, and 32-bit was phased out starting from 2019. Makes security, and thus privacy, worse for everyone.
(DIR) Post #APPcUu5W7fkGFpLyUa by jlhertel@fosstodon.org
2022-11-08T22:58:39Z
1 likes, 1 repeats
@inference @fdroidorg wow, I didn't knew f-droid had so many security flaws.I don't agree with all the points, but they are indeed valid criticism. Thanks for pointing it out.
(DIR) Post #APPcf9va5NhIHBb1Iu by inference@plr.inferencium.net
2022-11-09T01:45:58.007482Z
0 likes, 0 repeats
@jlhertel @fdroidorg Don't think that just because something is open source, it's safe. It doesn't mean that at all.https://inferencium.net/blog/foss-is-working-against-itself.html
(DIR) Post #APRsDfdOavv05SvMie by jlhertel@fosstodon.org
2022-11-09T20:03:14Z
0 likes, 0 repeats
@inference @fdroidorg That second article looks dishonest to say the least.Claims stuff like "FOSS projects rarely take security into account" focusing solely on phones and ignoring everything else from the movement.Yes there are products with bad security practices, but this doesn't automatically mean everything is bad like the article implies.
(DIR) Post #APRsDgAib2ZbkoVyeu by inference@plr.inferencium.net
2022-11-10T03:49:41.547364Z
0 likes, 0 repeats
@jlhertel @fdroidorg > Yes there are products with bad security practices, but this doesn't automatically mean everything is bad like the article implies.I never claimed it does.
(DIR) Post #APRsP1DsfZoUECOvgm by IzzyOnDroid@floss.social
2022-11-09T19:21:35Z
0 likes, 0 repeats
@inference @jlhertel Fact checking performed? Or just randomly quoted from different sources? I e.g. count about 1k *explicit* mentions of arm64 builds just in the apps' YML configs at fdroiddata. Checking the most recent indexeven gives almost 2k hits.So much just for the 32bit-only part, I won't delve into the others. Before you make such statements, better check they're true 😉
(DIR) Post #APRsP1qWLuioA2Tmuu by inference@plr.inferencium.net
2022-11-10T03:51:43.588717Z
0 likes, 0 repeats
@IzzyOnDroid @jlhertel Fact checking, indeed. GrapheneOS had to roll back to 32-bit + 64-bit Vanadium and WebView builds because F-Droid apps stopped working when they attempted a migration to 64-bit-only. The only issues were caused by F-Droid apps.F-Droid apps also target ridiculously low Android API levels as far back as Android 4.x for most apps. This is insane. No one should be targeting less than Android 7.0 or 8.0 nowadays when over 98% of Android devices run at least 7.0.
(DIR) Post #APSHC6M6tPQCl0emci by jlhertel@fosstodon.org
2022-11-10T07:25:21Z
1 likes, 0 repeats
@inference @fdroidorg Well, the article starts by talking about the FOSS movement (which means the whole movement) and then it says "FOSS projects rarely take security into account; t".So I would say it implies that all projects have bad security.Maybe a simple change mentioning that " some projects have bad security" might make the article clearer?
(DIR) Post #APSHC6rJ1QNKJlFhFQ by inference@plr.inferencium.net
2022-11-10T08:29:28.930897Z
0 likes, 0 repeats
@jlhertel @fdroidorg Sure, I'll add a note stating that it does not define *all* FOSS projects.
(DIR) Post #APSHRd05nn0WLalIVE by IzzyOnDroid@floss.social
2022-11-10T08:09:46Z
0 likes, 0 repeats
@inference @jlhertel hahaha, check that fact again, and read closely what they announced. They wrote "a certain F-Droid repository", not "the F-Droid.org repository". And sure, there are also 32bit apps – just because the new Pixel no longer supports 32bit doesn't mean all 32bit devices suddenly cease to exist. And some apps might be developed for 32bit only, nothing F-Droid can do about that.Also, what SDK an app targets is up to the app's developers, not to the repo.
(DIR) Post #APSHRdSS6LgzlY1whs by inference@plr.inferencium.net
2022-11-10T08:32:19.567169Z
0 likes, 0 repeats
@IzzyOnDroid @jlhertel > just because the new Pixel no longer supports 32bit doesn't mean all 32bit devices suddenly cease to exist.I didn't say this, anyway. If they want to support outdated 32-bit devices, they need to support both 32-bit *and* 64-bit, not only 32-bit. If anything, it should be 64-bit-only when there is only one architecture targeted.> And some apps might be developed for 32bit only, nothing F-Droid can do about that.They could do the sane thing and disallow 32-bit-only apps, same as Play Store does.> Also, what SDK an app targets is up to the app's developers, not to the repo.True, but you don't see that on Play Store or GrapheneOS App repository, or any other sane security/privacy repositories. No one who cares about security and/or privacy will be using 32-bit with its small address space and other issues.