Post AZ6O9KFhP5SimFVa1w by raikas@mementomori.social
(DIR) More posts by raikas@mementomori.social
(DIR) Post #AZ6O9GNhnNUQlvDuxE by raikas@mementomori.social
2023-08-01T23:42:28Z
1 likes, 0 repeats
:alert: Software startup Skiff.com falsely advertises it's email client as #OpenSource I currently recommend avoiding using, and/or contributing to their products, until they fix their false advertising.They are actually licensed under CC-BY-NC-SA (Non commercial, share-a-like), which is not an open source license (as commercial use allowed is a requirement for open source).When confronted on Github, the issue was shortly closed, saying that the libraries used for the apps are open source, and that they have no plan for allowing commercial use for their apps.I pointed out that open source requires commercial use, and I got this reply from their CEO:"Commercial use is not a requirement for open source software. Study the MongoDB case."Didn't know that MongoDB is open source. Because it's not. It's source-available, not open source.Well, can't blame for users not checking this. Even It's FOSS News publication (https://news.itsfoss.com/skiff-mail-review/) got baited. Startups are using open source software's reputation, without contributing to the community (by using an proper license).Issue: https://github.com/skiff-org/skiff-apps/issues/93#FOSS #FalseAdvertising #Skiff #Email #OpenWashing
(DIR) Post #AZ6O9HN27MXvq7utXs by dushman@den.raccoon.quest
2023-08-25T21:45:07.246Z
0 likes, 0 repeats
@raikas@mementomori.social Didn't know this app existed and looked it up. We've had this for decades, it's called pgp lol.
(DIR) Post #AZ6O9IRg7Zr9Ap67QO by raikas@mementomori.social
2023-08-01T23:49:31Z
0 likes, 0 repeats
Good work @illiliti good debating in the issue 🙌. Even if they try to suppress you by deleting comments 😉
(DIR) Post #AZ6O9KFhP5SimFVa1w by raikas@mementomori.social
2023-08-04T21:53:26Z
0 likes, 0 repeats
@illiliti They marked your comments as "abuse" 😂
(DIR) Post #AZ6O9LQ14DJEOXLKka by raikas@mementomori.social
2023-08-02T01:05:39Z
0 likes, 0 repeats
Wrote an blog article that can be more easily shared.https://raikas.dev/skiff-is-lying-about-being-open-source/Or you can take a screenshot the post with https://mastopoet.ohjelmoi.fi 😉 #OpenSource #Skiff
(DIR) Post #AZ6OCNnEh9aaczeX2m by dushman@den.raccoon.quest
2023-08-25T21:45:43.529Z
0 likes, 0 repeats
@raikas@mementomori.social Also why the hell would you write an email client in JS?
(DIR) Post #AZ6OJG5jjBVeljaK1Y by dushman@den.raccoon.quest
2023-08-25T21:46:57.174Z
1 likes, 0 repeats
@raikas@mementomori.social They don't even build anything for Linux even though it's all fucking JS lol
(DIR) Post #AZ6PwxQIehHMPKhGvg by olmitch@shitposter.club
2023-08-25T22:05:21.746332Z
0 likes, 0 repeats
@dushman @raikas saw this today too https://eppie.io/
(DIR) Post #AZ6QH9Le1pTJBS9EUi by raikas@mementomori.social
2023-08-25T22:08:34Z
1 likes, 0 repeats
@dushman They mentioned problems of "managing and losing keys" and unencrypted metadata.https://skiff.com/blog/pgp-dead-what-next
(DIR) Post #AZ6QLhh0HK7GrMJGwC by dushman@den.raccoon.quest
2023-08-25T22:09:49.486Z
1 likes, 0 repeats
@raikas@mementomori.social pgp is deadWhat are these people smoking? It's the universally agreed on standard in practice.
(DIR) Post #AZ6QYsPBlCJTqhG568 by getimiskon@fedi.getimiskon.xyz
2023-08-25T22:12:10.368250Z
1 likes, 0 repeats
@dushman >What are these people smoking?faux-open source shit@raikas
(DIR) Post #AZ6QixXdWDR0ft19XM by dushman@den.raccoon.quest
2023-08-25T22:14:00.518Z
0 likes, 0 repeats
@raikas@mementomori.social You can use nice and modern encryption methods like ed25519 or ecdsa with pgp just fine
(DIR) Post #AZ6QjuNOlvIn9DgJGq by raikas@mementomori.social
2023-08-25T22:11:15Z
1 likes, 1 repeats
@dushman They're drugged up on VC funding. False advertising themselves as open source and privacy-first E2EE email (well, only to other Skiff users 😂).
(DIR) Post #AZ6R6WqGRFR4ojy9uS by dushman@den.raccoon.quest
2023-08-25T22:16:38.199Z
0 likes, 0 repeats
@raikas@mementomori.social There's nothing obsolete about pgp.
(DIR) Post #AZ6R6xDYNHVucV47ou by dushman@den.raccoon.quest
2023-08-25T22:18:21.568Z
0 likes, 0 repeats
@raikas@mementomori.social ​:laugh_about_it:​
(DIR) Post #AZ6REvNv4ZKdFhiNYu by slash@cdrom.tokyo
2023-08-25T22:19:41.230198Z
1 likes, 0 repeats
@dushman @raikas it’s treated as a standard and implemented through gpg but the problems raised are considered issues and are what a lot of front ends and apps using them try to address. The standard itself though is good, it’s just how it ends up used in practice by average users.
(DIR) Post #AZ6RSznbSQ0GzsRCeu by Moon@shitposter.club
2023-08-25T22:22:18.849716Z
0 likes, 0 repeats
@dushman @raikas it is unacceptably easy to use gnupg incorrectly and lose your security and shockingly hard to use in a general usability sense
(DIR) Post #AZ6RgjN9KP5Q6Yc6iG by Moon@shitposter.club
2023-08-25T22:24:48.300714Z
1 likes, 0 repeats
@dushman @raikas still, nobody has made a FLOSS replacement with its full feature set. I am a JavaScript programmer but I have found ridiculous bugs in javascript crypto libraries because the language is just not suited for this purpose.
(DIR) Post #AZ6RzOlcA97phTxTyi by slash@cdrom.tokyo
2023-08-25T22:28:05.011139Z
0 likes, 0 repeats
@raikas I don’t understand the argument you’re raising here- creative commons isn’t a software license, it covers creative works so in this case maybe things like branding, etc. The image you posted contradicts that by quoting the person involved responding that the actual software license is MIT, which is considered an open source license. This isn’t an unusual situation, it’s why for example when linux distros fork firefox they have to use their own name and branding even though the source is open, because the branding isn’t the software. Now MIT isn’t copyleft so it doesn’t strictly adhere to FOSS, just open source, but that doesn’t mean the claim made by this team is incorrect or misleading.
(DIR) Post #AZ6SZCE2GlLnEDK0qu by raikas@mementomori.social
2023-08-25T22:32:11Z
0 likes, 0 repeats
@slash They have their application code "licensed" under CC-BY-NC-SA, only those few libraries are MIT. But the client is under CC, and if that only applies to creative works then the code is licensed under All Rights Reserved. The email client is not open source in any case right now.
(DIR) Post #AZ6SZCztOpdDcdiERk by slash@cdrom.tokyo
2023-08-25T22:34:26.602276Z
0 likes, 0 repeats
@raikas Well then that seems to be a pretty poorly informed choice from them, CC isn’t going to have the protections of an actual software license.
(DIR) Post #AZ6SiYRv0j56lEHI12 by dushman@den.raccoon.quest
2023-08-25T22:36:20.851Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social it is unacceptably easy to use gnupg incorrectly and lose your securityWdym exactly?
(DIR) Post #AZ6SqTtXpNvIx5ymkC by dushman@den.raccoon.quest
2023-08-25T22:37:46.743Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social Also gui managers like kleopatra exist
(DIR) Post #AZ6TQZr78vl9re3RfU by Moon@shitposter.club
2023-08-25T22:44:17.647359Z
1 likes, 0 repeats
@dushman @raikas web of trust functionality is junk and tools like thunderbird integration made it super easy to accidentally use the wrong identity. more than once someone has sent me a PGP file signed using the wrong key that exposed their real name (also, why sign anything unless it's absolutely required, the UI should make that clear)
(DIR) Post #AZ6TkKhZC8zoem0cMK by slash@cdrom.tokyo
2023-08-25T22:47:45.646794Z
2 likes, 0 repeats
@Moon @dushman @raikas Definitely one of those things where even if you know the pitfalls there’s just a lot of vigilance that can easily be undone
(DIR) Post #AZ6VQZp9ScGTfsGQyG by dushman@den.raccoon.quest
2023-08-25T23:06:43.698Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social tools like thunderbird integration made it super easy to accidentally use the wrong identityTrue that. I always make sure everything is correct before sending. I don't use Thunderbird tho.
(DIR) Post #AZ6VxgnMYxgsqqDUi8 by dushman@den.raccoon.quest
2023-08-25T23:12:42.610Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social Just gotta be careful and double check things
(DIR) Post #AZ6W16zlblZyyheOTg by Moon@shitposter.club
2023-08-25T23:13:19.098742Z
1 likes, 0 repeats
@dushman @raikas cryptography tools need to have the best usability because the stakes are so high
(DIR) Post #AZ6W6IKmsS7taqxDJA by dushman@den.raccoon.quest
2023-08-25T23:14:14.373Z
1 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social Yeah I'd say an improved replacement would be nice but that shitty app sure ain't it.
(DIR) Post #AZ6W9hZHW05oiuMGh6 by dushman@den.raccoon.quest
2023-08-25T23:14:52.934Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social For now it's the standard so you gotta be extra careful especially if you're sending sensitive info
(DIR) Post #AZ6WHhIQPTK8CGHoHY by dushman@den.raccoon.quest
2023-08-25T23:16:18.823Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social more than once someone has sent me a PGP file signed using the wrong key that exposed their real nameNever had a mishap like that myself. I mean none of my keys have my legal name attached. Why would you even do that?
(DIR) Post #AZ6WoL7Pt18wyEhb7o by Moon@shitposter.club
2023-08-25T23:22:11.558422Z
0 likes, 0 repeats
@dushman @raikas work
(DIR) Post #AZ6WuAsMsiCSwORgvY by dushman@den.raccoon.quest
2023-08-25T23:23:17.081Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social I'd slap my initials in there
(DIR) Post #AZ6WzGKc1cxbJD5CBU by dushman@den.raccoon.quest
2023-08-25T23:24:09.385Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social I don't even have one for work myself though cuz they don't use it ¯\_ (ツ) _/¯
(DIR) Post #AZ6X78cCb8zXh548Lw by Moon@shitposter.club
2023-08-25T23:25:36.714076Z
0 likes, 0 repeats
@dushman @raikas I used to maintain an entirely separate user for work and personal on my laptop, that worked best.
(DIR) Post #AZ6XD5Fc1HAuzsKns8 by dushman@den.raccoon.quest
2023-08-25T23:26:41.157Z
0 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social Yeah that's the most practical way of going about it. Helps to keep things organized and separated.
(DIR) Post #AZ6XMNDOb9eRJnjAO0 by dushman@den.raccoon.quest
2023-08-25T23:28:21.836Z
1 likes, 0 repeats
@Moon@shitposter.club @raikas@mementomori.social I also have a ton of emails for different things. Best to keep stuff compartmentalized.
(DIR) Post #AZ6XXOmR7SVVMGNIKO by dcc@annihilation.social
2023-08-25T23:30:12.378156Z
0 likes, 0 repeats
@dushman @Moon @raikas I wonder if anyone uses email terminal clients anymore (i set up mutt)
(DIR) Post #AZ6aWtR9x6BG0lsCP2 by animeirl@shitposter.club
2023-08-26T00:03:53.488822Z
1 likes, 0 repeats
@dushman @Moon @raikas gpgtools on mac is pretty good i wish linux had something on that level