Posts by eighthave@social.librem.one
 (DIR) Post #AzH3NYlCVm3bp07tfE by eighthave@social.librem.one
       2025-10-16T17:42:22Z
       
       2 likes, 1 repeats
       
       Dear tech media, could we please stop using GrapheneOS as the judge on what's secure?  I respect very much what GrapheneOS has built, but their stance that free software is not important to security is very short-sighted.  They literally are willing to call binary blobs secure because someone told them they are?  They have no other standard to go on, since they can't inspect them. https://www.theregister.com/2025/10/15/fsf_librphone_vs_proprietary_binary_blog/ #FreeSoftware #FOSS #mobile #LibrePhone #FSF #proprietary
       
 (DIR) Post #AzH8FUZmgS1OIal6rA by eighthave@social.librem.one
       2025-10-16T18:30:11Z
       
       1 likes, 0 repeats
       
       @moshimotsu there is a very good reason why security audits are done on source code.  Yes, observing behavior is important. Then when one has the source code, one can follow up and confirm the exact behavior.  With a binary blob, that is not feasible.
       
 (DIR) Post #AzIJZo01TIpEz5sdl2 by eighthave@social.librem.one
       2025-10-17T08:10:04Z
       
       0 likes, 1 repeats
       
       It seems y'all are really missing the point of the FSF in general and its librephone project.  They are working to replace binary blobs with free software.  I recommend reading their project description: https://www.fsf.org/news/librephone-project
       
 (DIR) Post #AzIXioBlXGIXXJYn44 by eighthave@social.librem.one
       2025-10-17T08:12:21Z
       
       0 likes, 0 repeats
       
       @jae @rms That's exactly what the FSF Librephone project is trying to build: a phone that RMS would recommend.  They are going to take LineageOS, find the device they can most easily replace all the binary blobs, and start working on that one.
       
 (DIR) Post #AzSlpzIXyGvgxQeHeC by eighthave@social.librem.one
       2025-10-22T08:42:20Z
       
       1 likes, 0 repeats
       
       @ret @fdroidorg We have never even tried to please everyone because it is clearly impossible.  Thinking about the user helps deal with the world as it is. Let's take your example to show how difficult and gray this is: clearly the LGBTQ users in Saudi want privacy. If Saudi bans F-Droid and arrests users because of that app, did we best serve your example user? If F-Droid has a neutral reputation, provides strong privacy and decentralized access to apps, would your example user be better served?
       
 (DIR) Post #B065oFkTrpACWlKivo by eighthave@social.librem.one
       2025-10-30T12:11:48Z
       
       0 likes, 0 repeats
       
       #Google's #AndroidDeveloperVerification makes #Android worse than iOS because Android users are Google's product. Users' attention is sold to advertisers.  #Apple's business model is selling the device and integrated services, which means its users are its customers (although Apple still plays with selling their users too). Android currently allows users to opt out of being sold by Google.  Once they lock down the ecosystem, that will become less and less possible. #DigitalMarketsAct #antitrust
       
 (DIR) Post #B065oHZD6hKwAO4kds by eighthave@social.librem.one
       2025-11-10T08:42:54Z
       
       1 likes, 0 repeats
       
       @wilhelm ok wow then we really do need to focus on making sure the #DigitalMarketsAct is enforced!  I hadn't realized it had gotten that bad on iOS.  I haven't looked in years.
       
 (DIR) Post #B08DRB2yMzdPEaPUTA by eighthave@social.librem.one
       2025-11-11T09:00:40Z
       
       1 likes, 0 repeats
       
       There is a danger to systems that automatically track CVEs. It's definitely good to automate tracking CVEs as much as possible. The danger comes when people do not understand what it means. The presence of a library version with a CVE is not a binary flag that something is insecure. Just as importantly, the lack of CVEs does not mean the code is secure. Lots of coders want this to be a binary flag. The right way to think of this in binary terms is: did a maintainer review the #CVE? #security #ux
       
 (DIR) Post #B0beoaq4gmvrEpdnwu by eighthave@social.librem.one
       2025-11-25T09:39:00Z
       
       1 likes, 0 repeats
       
       I'm a big fan of encrypted connections. Towards that end, I just did a survey of all the apps in @fdroidorg to see if any of the source repos would not work with https://. This includes the over 5000 apps and all of their git submodules. All the git URLs that did not have encrypted connections (e.g. git:// http://) could be upgraded to https://. So I filed a bunch of merge requests, and am working towards forcing https:// https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1737 #security #git #https #privacy #FDroid
       
 (DIR) Post #B2CRintW7OaYl3GQDY by eighthave@social.librem.one
       2026-01-08T12:09:50Z
       
       0 likes, 1 repeats
       
       If you don't like #Trump's actions against #Venezuela, or #Putin's against #Ukraine, or #Canada's #TarSands, or #Sudan #Saudi #UAE #NigerDelta #IslamicState etc. follow the money. All of those are driven by #oil and #gas, and any money we pay for oil and gas supports those conflicts and the states that back them. That means #plastic, your #car, your cheap flights, your oil/gas #heating, non-#organic farming, etc. etc.  There are alternatives, we have a choice to not support any of this.
       
 (DIR) Post #B2CRm2XU7tOb2vVAHY by eighthave@social.librem.one
       2025-12-23T08:18:28Z
       
       0 likes, 1 repeats
       
       Being sucked into #monopoly enforcement against #gatekeepers around the world has given me direct insight into why #AntiTrust enforcement is so important economically: monopolists spend huge sums on PR to sell things that people do not want. Organizations like @fdroidorg can spend next to zero money and some hours of volunteer time to pop PR bubbles that surely cost many millions. The money is so concentrated that lots is thrown at even stupid ideas just because the monopolists want it that way.
       
 (DIR) Post #B2HFa4YaZSa2AaLQum by eighthave@social.librem.one
       2026-01-14T10:32:20Z
       
       1 likes, 0 repeats
       
       A classic example of the #toxicity of modern society: It turns out that exercise is as effective against #depression as #pharma, but exercise isn't controlled by a big corporation for #profit. #BigPharma spends huge amounts on #marketing, no one is spending anywhere close to that on marketing simple yet effective things like taking a walk with friends or family every day https://www.npr.org/2026/01/12/nx-s1-5667599/exercise-is-as-effective-as-medication-in-treating-depression-study-finds "It's much easier for a primary care physician to prescribe medication to a patient [than exercise]"
       
 (DIR) Post #B2hvmrB4JTmZg2AyiO by eighthave@social.librem.one
       2026-01-27T10:02:05Z
       
       1 likes, 0 repeats
       
       @ilumium The evidence is very clear: social media is addictive, and indeed, was designed from the beginning to be addictive: https://stanfordreview.org/how-stanford-profits-tech-addiction-social-media/ It is also clear that there is immense harm, especially to young people.  Other addictive activities like gambling, alcohol, drugs, etc. are also regulated, including age restrictions. We need a better response than "no bans". We need to rally behind effective regulation. Otherwise totalitarian-minded politicians will get onerous bans into law
       
 (DIR) Post #B2k9ooWsuvJDiY7yzY by eighthave@social.librem.one
       2026-01-28T12:23:50Z
       
       0 likes, 0 repeats
       
       @strypey I've had this same thought about AppImages. I think it should be pretty easy to build and ship AppImages via F-Droid. The tricky part is whether there is good standardized metadata in AppImages. With Android and APK, the system enforces a number of key properties: a globally unique Application ID, a Version Code integer to determine which is the newer APK, only one APK per Application ID can be installed, etc. These come from the OS, so it could be tricky to handle with AppImage
       
 (DIR) Post #B2kC15kqtpjIWYdwHI by eighthave@social.librem.one
       2026-01-28T12:45:14Z
       
       1 likes, 0 repeats
       
       A popular idea in #OS development now is that the ideal system would have a #sandbox that allows users to install even untrusted apps safely.  It is important to point out that this is pure fantasy. No system has ever come close to providing a sandbox good enough for that standard (e.g. #NSOGroup has maintained zero-click exploits to #iOS and #Android for years now).  Having pure fantasy as a goal means other features will be broken in the name of trying to achieve the unachievable #security
       
 (DIR) Post #B2mSs5MV4rzMEjSoro by eighthave@social.librem.one
       2026-01-28T13:26:08Z
       
       0 likes, 0 repeats
       
       @mjg59 I agree that free software alone is not enough to make trustworthy software, but I have to emphasize that free software is a requirement for trustworthy software.  That unlocks key practices like reproducible builds, public audits, etc.  Without all that, the only option is "hope they are doing the right thing".
       
 (DIR) Post #B2mSsE2ymoinAnOrBo by eighthave@social.librem.one
       2026-01-29T13:05:47Z
       
       0 likes, 0 repeats
       
       @jas @mjg59 Sure "source available" would be an improvement over secret source code, but that is only one piece of the puzzle.  Free software means all users are free to fix and deploy issues on their own schedule, regardless of what the copyright holder thinks.  That is also a key piece of delivering trustworthy software.
       
 (DIR) Post #B2mSsGSZocNwelOKMi by eighthave@social.librem.one
       2026-01-29T14:38:24Z
       
       1 likes, 0 repeats
       
       @jas @mjg59 I agree, the focus must be on the four freedoms and user freedom.  Unfortunately, Google has proven quite masterful at maintaining control even when working with free software.  AOSP and Chromium are two key examples.  The key is that Google makes sure it is the upstream, while suppressing things that shift the power to the developer community around it.  With AOSP, there is a big enough community to maintain it without Google.  That requires them all getting separately organized.
       
 (DIR) Post #B2mTnCByM6ZFvUluZU by eighthave@social.librem.one
       2026-01-28T14:14:46Z
       
       1 likes, 0 repeats
       
       @barthalion I'm immersed in the basic research:  Debian since 1997, FOSS Android since 2008, F-Droid since 2012, Flathub for years, etc.  I also maintain stuff in Homebrew, and in the past contributed to the Fink package manager for macOS and used Cydia on iOS back in 2007
       
 (DIR) Post #B2mTnH9fu4hVJojeBU by eighthave@social.librem.one
       2026-01-28T15:02:05Z
       
       0 likes, 0 repeats
       
       @barthalion I now see there is a whole drama around that interview.  I don't know if I'm going to wade into that whole thing, so I'll just say, I like how @mattdm described the role of the distro.  That's what I was referring to.