sudneo

@sudneo@lemm.ee

• ⁨Comment⁩ on ⁨What are some FOSS programs that are objectively better than their proprietary counterparts?⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:

  Not to talk about annotations. Take screenshot, click preview, click edit, click rectangle tool, make rectangle (repeat), click done. Instead with flameshot it’s literally 2 clicks. Thanks for writing documentation BTW, on behalf of whomever you work with.

• ⁨Comment⁩ on ⁨What are some FOSS programs that are objectively better than their proprietary counterparts?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:

  I have opposite experiences! Multiple Linux laptop, with multiple docking stations: a bit of xrandr magic and everything works, forever. (BTW, try setting manually the refresh rate at different values for the two monitors via xrandr, I have solves a similar problem to yours in the past by creating a dedicated display class.)

  On a Mac, it’s impossible, I have to plug one cable directly in the computer to make it work, and the quality of the output on 2k monitor is way worse since they disabled sub-pixel rendering or some stuff.

  Windows also works decently on this regard, until it doesn’t (my partner’s PC stopped recognizing HDMI monitor at some point, and the debugging was frustrating as hell).

• ⁨Comment⁩ on ⁨What are some FOSS programs that are objectively better than their proprietary counterparts?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  I agree so much for flameshot. For work I moved to a Mac and we are not allowed to install flameshot (signing issue), and the workflow for taking screenshots (e.g., when writing documentation) is so much worse and slow with the default macOS tooling.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  In 4 years I have never (and will never) used any service from /e/. There is no vendor lock whatsoever. That’s fully optional.

  Points 3, 4 and 5 in your list are moot IMHO.

  Also

  It takes a base level of understanding why you would buy a Fairphone

  It doesn’t really. “Phone is repairable and X can help me”, “they pay the makers fair wages” are not really complex value propositions that require some (technical) understanding.

  The point of /e/ and similar distributions is that you can buy a phone with it (average user will never reflash) and just have a phone that doesn’t use Google (it does, for the amount that doesn’t require you to do extra technical stuff and have a sane user experience at the same time).

  That said, calyx seems a great alternative and so are iode. I think the advantages of one over the other (for my brief search) are quite small.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  Gotcha, you are the classic person who is unnecessarily confrontational, but that dashes at any actual confrontation, because ultimately you have nothing to say. Your history shows this clearly.

  We can all live without toxic people like you.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  So your argument is repeating a cliché? OK.

  I don’t need to convince you, but I explained my reasoning. Maybe make some practical examples, show some CVEs that - if left unpatched - severely impact the privacy (or the broader security) of the average users.

  Also, as anybody who works in security knows, security is not a binary, and securing often means paying a price (in usability, in Euro, in comfort, in performance, whatever). In my mom’s threat model there is no the APT leveraging a 0 day to breach her worthless phone, there are opportunistic scammers who send her emails. There is also google and the like harvesting her data to sell her shit (hence a deGoogled phone with bootloader unlocked is more important than a Google phone with bootloader locked, for example).

  In my threat model there might be some more resourceful attackers (because believe it or not, a financial org trusts me with securing their infra). However, as I also said, a much simpler and cheaper attack that recently has made the news is just to snatch the phone unlocked from my hands on the street, rather than exploiting an android CVE. This is why for example I have app pins for signal, email and everything that supports it, and I need to authenticate at every use. I also store all my TOTP on my yubikey, rather than keeping them on the phone (even with PIN), so my phone is not good as a 2FA device.

  What you call blasé is actually just a way I personally assessed the risks and decided to invest accordingly. People whose threat model involve the bots who spam emails do not have to invest in security like if the NSA is after them. Updating android a month later is not going to be even a “low” risk for most people, especially if they adopt the much more important practice (IMHO) of not installing every shitty app under the sun. If you think otherwise, make concrete examples perhaps. Using a cliché is not really building your credibility here.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  I definitely wait more than a week to update for example. The marginal security risk is completely irrelevant for me compared to the operational risk of a buggy update. N-1 is a common practice for updating software in fact, unless there is absolutely a great reason to upgrade.

  Also, I want to be in your circle, because most people I know if the phone doesn’t update automatically they probably won’t even think of updating their phone (or their computer) at all.

  For me the reason is simple, I don’t care about the advanced threats that would be mitigated by GrapheneOS enough to buy a pixel and migrate. I already own a FP3 and that’s what I am going to use until it breaks.

  I might consider Graphene in the future, but having to buy a Google phone (even a used one) already pisses me off, compared to a FP (or similar). eOS also tries to be a “noob-friendly” distribution, that you can buy phones with and you never have to mess with the phones, which means people who don’t have the skills or don’t want to mess with their phones might trade the risk with ease of operation, and it might be the right choice for them.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (I.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people threat model.

  I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.

  Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).

  If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  FWIW, I have the FP3 for now more than 4 years. I have only replaced the battery 6 months ago. A case would have been extra waste (to produce the case itself) in my case, and probably will be trashed after as it might not fit the next phone.

• ⁨Comment⁩ on ⁨The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

  No offense, but that’s not what a security dumpster fire is. Security updates are important, of course, but they are also not the biggest deal.

  In fact, I bet that the vast majority of users (on Android or otherwise) are lagging way behind in updates anyway.

• ⁨Comment⁩ on ⁨ooo.ooo⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

  Ahaha somehow I was thinking about the face and didn’t think about Fantozzi because of the pants.

• ⁨Comment⁩ on ⁨ooo.ooo⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

  Now I am curious, what are you referring to?

• ⁨Comment⁩ on ⁨Secure encryption and online anonymity are now at risk in Switzerland⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
  • Years of great track record, consistent position over basically a decade, 7 years of 5-6 digits donations to nonprofits aligned with those objectives: “whitewashing PR”.
  • 1 tweet about a different topic: “here is their real position on privacy.”

  Sorry, no.

• ⁨Comment⁩ on ⁨Secure encryption and online anonymity are now at risk in Switzerland⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
  • proton.me/blog/european-tech-alternatives
  • proton.me/blog/apple-ends-adp-in-uk
  • proton.me/blog/big-tech-data-requests-surge
  • proton.me/blog/trump-controls-nsa-fbi

  Just in the last few months. Their position has been always crystal clear on this issue. Please stop spreading misinformation for a personal grudge. Even one person who doesn’t switch from Gmail or Outlook to Proton (the closest privacy a friendly replacement) because of your bs is an unnecessary damage.

• ⁨Comment⁩ on ⁨Secure encryption and online anonymity are now at risk in Switzerland⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

  Do you seriosuly not see how your claim is a nonsequitur? Like, how can someone in good faith quote a sentence that talks about antitrust and who supports big tech or “small tech” and conclude that “Nazis are on his side”, so he must be a Nazi.

  I don’t know what more needs to happen for people like you to accept he supports nazis.

  For once, he needs to support a Nazi and their Nazi ideas.

• ⁨Comment⁩ on ⁨Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft.⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

  Maybe they are just getting started with learning programming, be kind.

• ⁨Comment⁩ on ⁨Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft.⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

  Foregejo : codeberg = lemmy : blahaj.zone

  Forgejo being a fork of gitea

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Fair enough, I am also not attached to kagi, mostly I want companies with good business models to succeed in tech. I want to see ad-revenue based companies (and all the connected industry) to crumble. A man can dream…

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  But yandex is useful for those who search in Russian. The low utilization probably comes from a mostly US/EU customer base, but when it is used, it is useful. I would disagree with disabling it. The best would be letting people decide what back ends to use, but that requires a whole rewrite of the search logic on their side, so it’s not happening any time soon…

  BTW in EU we still use a lot of gas and oil from Russia, so it’s quite difficult to avoid giving them money (especially because we don’t know where energy came from for every product we buy).

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  I think their customer base is basically 90% made of people that - like me - would quit in a second.

  Good thing is that there is no vendor lock, it would be a shame, but changing search engine is quite simple.

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Yeah, I agree. In general I will personally try to evaluate if the good that comes from a company succeeding outweighs the fact it’s a US company. I won’t use a dogmatic approach, but I will definitely be careful to choose even more carefully than before.

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  At least in Europe that’s still quite impossible, who knows what their gas and oil is used to produce. Which means you might buy some european product and also give them money. Anyway, everyone has their lines and I respect that.

  I think most people are unaffected from the actual data, unless they search in russian, which is useful for me as a Russian language learner for example. I mostly search grammar stuff.

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  I don’t know the details, so maybe there is a reason, but I am not part of the “outraged” crowd. I think kagi use case is neat and innovative, bot protection is meh

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Technically you could extend that reasoning to plenty of EU countries that also send aid to Israel (e.g., Germany, where Hetzner is located, or tuta, etc.).

  At some point one has to make compromises, and everyone can place the line where they wish. Considering 1000 searches per month, the price is going to be between $0.20 and $3.84 (synchronous). So let’s say $2, which is probably an order of magnitude more than the real cost. Of that 2$, the margin is maybe 1$? That 1$ becomes profit for some Kazakh company, which ultimately means $0.2 in taxes. If this was in Russia, that would be $0.018 to the federal government, but let’s say that it doesn’t matter. Of that, 40% goes in weapons, making it $0.08/month. In 1 year, that’s $0.96.

  Now, as I said I wouldn’t be surprised if this was an overestimation of 10x or more, it also assumes that absolutely nothing goes to Kazakh government, which is fully used to bypass sanctions, and a 50% margin for the company. It also assumes 1000 searches (the average was around 300 if I recall correctly) and that yandex is used for each one of them.

  Every cent count, absolutely, but it’s objectively such a tiny amount that a one-time donation to UA army or some humanitarian relief org will offset you for like 15 years.

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Since they implemented privacy pass, there is now something stopping them from doing both. See help.kagi.com/kagi/privacy/privacy-pass.html

  Obviously with it you trade the need to trust them for your own personalization (as they can’t know it was you searching).

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Sure, but they don’t (their privacy policy is exemplary). They have a whole shpiel about their business model. Just few weeks back they released a feature that makes it technically impossible for them to see who did searches, so no trust is needed anymore. They implemented a very novel protocol, quite cool.

  I have doubts considering they are an american company, but I want to see them succeed. Plus, they are remote, so at least a good chunk of the income taxes from salaries are going outside the US.

• ⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Why would they do what Google etc. do, but much worse? It makes sense that they do scrape what google etc. most likely miss (and that’s what their index is about). Even a company with Microsoft resources tried and failed to scrape the web as a whole (failed in the sense results are worse).

• ⁨Comment⁩ on ⁨I'm Tired of Pretending Tech is Making the World Better⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Open source analytics tools are still pushing for ad-driven business models that make the world (and the content) worse. Open source LLMs still waste computational power and pollute. And the list continues. Some open source technologies serve a good goal, some contribute to make the world as bad as some non-OSS.

• ⁨Comment⁩ on ⁨Every Country That Has Their Own Lemmy Instance⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  Thanks. Very interesting, I would think that is a nightmare for phishing and similar threats, but maybe they have good monitoring or oversight.