• 3 Posts
  • 47 Comments
Joined 1 year ago
Cake day: August 10th, 2023
  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlPrivate videoconferencing ?English
    5·
    1 month ago

    You’re probably going to end up on Jitsi meet, but I’m also going to drop a recommendation for bigbluebutton.

    I recently noticed that it was integrated into the open source Learning-Management-System Canvas, which every school I have gone to so far uses.

    Although bigbluebutton doesn’t seem to explicitly support e2ee (but maybe this counts for something), if you are already using Canvas, BigBlueButton definitely worth looking at.

    I really, really wish people at my school would use the integrated bigbluebutton instead of using zoom, especially given I’ve seen people occasionally have issues with authentication for zoom, but all of that stuff is handled with bigbluebutton because it’s fully browser based and integrated into Canvas.

  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlPolling the group: what do y'all know about the Orion browser from Kagi?English
    331·
    2 months ago

    https://help.kagi.com/orion/faq/faq.html#oss

    We’re working on it! We’ve started with some of our components and intend to open more in the future.

    The idea that “open-source = trustworthy” only goes so far. For example, the same tech company that offers a popular open-source browser also has the largest ad/tracking network in history, with that browser playing a significant role in it. Another company with a closed-source browser (using WebKit like Orion) is on the forefront of privacy awareness and technologies in its products.

    So, does anyone here remember when all chromium browsers had a secret api that sent extra data to google? Brave, Opera, and Edge got hit by this one, but I think Vivaldi dodged it. They all removed this after they found out, but still…

    When it comes to things like browsers, due to the sheer complexity and difficulty to truly audit chromium, I don’t really consider chromium to be “open source” in the same sense as many other apps. Legally, you can see and edit the code. But in practice, it’s impossible to audit all of it, and the development is controlled by a single corporation who puts secrets in it, or removes features that harm their interests (manifest v3). Personally, I consider Minecraft Java to be closer to open source than chromium is.

    To say that:

    The idea that “open-source = trustworthy” only goes so far

    is really just a cop-out and excuse for not being transparent with their code and what they are doing.

  • moonpiedumplings@programming.devtoPrivacy@lemmy.ml*Permanently Deleted*
    31·
    2 months ago

    Is it possible to allow DRM content for just 1 website ( Netflix ) , while other websites on the same browsers are not allowed to do it?

    I would use multiple firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch firefox, you can view and create other firefox profiles. Each firefox profile is essentially it’s own instance of firefox, complete with different history, extensions, and setting. You could have a “Netflix” profile and a regular browsing profile.

  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlThorium Browser?
    4·
    3 months ago

    Thorium’s entire focus is on performance. As another commenter has noted, that means no security updates, and no privacy features.

    I wouldn’t recommend it for daily use, but if you are playing a browser based game it’s worth testing out. I used to play krunker.io and I tested it to see if I could get more FPS (FPS equaled faster movement speed back then), but I didn’t see any major performance improvements over the major krunker clients or Microsoft Edge (other most performant browser).

  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlAll Proton Drive apps are now open source
    1·
    3 months ago

    I cannot find anything related to that in their documentation, their about page, or their whitepaper.

    They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.

    Compare that to this project, which is similar, but incomplete. However, quilibrium uses it’s own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.

  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlAll Proton Drive apps are now open source
    1·
    3 months ago

    There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

    https://en.m.wikipedia.org/wiki/Trusted_Computing

    Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

    We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.

    Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.

  • moonpiedumplings@programming.devtoOpen Source@lemmy.ml*Permanently Deleted*
    4·
    3 months ago

    So, officially no. But there are ongoing theories in the r/emulationonandroid subreddit that they are.

    I think it could be either way, but it’s unlikely that they are the same person. In both cases, harassment caused them to shut there projects down, which could be a reasanobale coincidence, or could be indicative of a larger harassment campaign.

  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlHow big threat do you think Intel ME is in reality, not in theory?
    3·
    3 months ago

    Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

    I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

    There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.

  • moonpiedumplings@programming.devtoOpen Source@lemmy.mlOpen source alternative to executables
    1·
    4 months ago

    So, I’m not gonna pretend flatpak doesn’t use more space then normal apps, but due to deduplication (and sometimes filesystem compression), flatpaks often use less space than people think.

    [nix-shell:~/Playables/chronosphere]$ sudo /nix/store/xdrhfj0c64pzn7gf33axlyjnizyq727v-compsize-1.5/bin/compsize -x /var/lib/flatpak/
Processed 49225 files, 21778 regular extents (46533 refs), 22188 inline.
Type       Perc     Disk Usage   Uncompressed Referenced
TOTAL       53%      898M         1.6G         3.6G
none       100%      499M         499M         1.0G
zstd        34%      399M         1.1G         2.6G

[nix-shell:~/Playables/chronosphere]$ du -sh /var/lib/flatpak/
1.7G    /var/lib/flatpak/

    I only have one flatpak app installed, and du says that takes up 1.7 GB of space… but actually, when using a tool that takes up BTRFS transparent compression into account, only half of that space is used on my disk.

    I recommend using compsize for a BTRFS compression aware version of du and flatpak-dedup-checker for a flatpak filesystem deduplication aware checker of space used.

    I think flatpak absolutely does use up more space, because yes, it is another linux distro in your distro. But I think that’s a tradeoff people accept in order to have a universal package manager for graphical apps.

    Also, you can flatpak cli tools. They are just difficult to run at first because you have to do the flatpak run org.orgname.appname thing, but you can alias that to a short command. Here is a flatpak of micro, a terminal based text editor.

    (I prefer nix for cli tools though, and docker/podman/containers for services).

  • moonpiedumplings@programming.devtoOpen Source@lemmy.ml*Permanently Deleted*
    3·
    4 months ago

    I dunno what’s most appropriate for email, but I often joke:

    Isn’t open source kinda like a cult?

    It’s a not a cult I swear! Just switch to free software, and free yourself!

    I’ve also heard my friend say something along the lines of:

    Free software, free culture, free people

    Or maybe it was free world or free trade? I can’t remember.

    Although, for slogans like this, I might go with something that has more of an immediate effect, like shilling an adblocker.

    • Install uBlock Origin. Blocking ads is one of the easiest ways to increase your security.
    • Install uBlock Origin. It blocks more than just ads, but also tracker scripts that follow you around the net and collect your data.

    Or the ever so simple:

    • Free software means free as in freedom — not as in beer.

    Anyway, I partially agree with the other poster, but I think a one sentence quip at the end of an email is unobtrusive enough that it gets a pass. Of course, it depends on your specific workplace and how strict they are, but I would assume most workplaces have a little space for humanity.