Might have transferred it through China, Russia, etc

Suddenly the cryptobros don’t like the fact that anyone can use it anymore.

Pedophiles paying for CP and murderers paying for hitmen? That’s just the cost of currency freedom, apparently (not making it up, I’ve seen cryptobros defending both under the guise of if you suppress them you suppress everyone). But a country the US hates paying to feed its people? Now that goes too far!

Why include it as a default though? If they simply dropped a recommendation, or asked to install it letting you know it’s proprietary, sure people might still complain but it won’t be seen as nearly as serious a violation of FLOSS principles.

Can you elaborate? This is the first time I’ve heard that, then again I’ve never used Grapheme and never interacted with any communities dedicated to the project.

TIL that’s a thing.

And TBH it’s really suspicious they don’t tell you which one.

I do wonder what their one proprietary app is

I vaguely remember there was this weird PDF reader app I’d never heard of the last time I used /e/. Going to bet it was that. Never used it, installed Book Reader from F-droid in its place.

Now, why that would be a default, I don’t know. The only non “it’s sponsored” theory I can come up with is that vanilla AOSP, by itself, has no actual ability to read PDFs. There is no default app for it and none of the common browsers can open them either. This is actually a problem in LineageOS because it only ships the AOSP default apps.

Or maybe it’s their custom app store that connects to Google Play without signing in? It doesn’t seem it’s based on Yalp/Aurora Store.

/e/OS currently has an alpha image for the FP4, I imagine LineageOS will soon too. Both are well-known degoogled ROMs.

It’s expensive yes, unfortunately prohibitively so for many, but that expense goes into sustainable, conflict-free materials, many years of continuous support, and the engineering required for a semi-modular phone. It will more than likely last you a very long time, longer than any other Android phone, especially since the battery, the first thing to fail in a phone, can be freely replaced.

Yes

I’m definitely an advocate for low level memory safe languages like Rust, over C/C++

No, this is worse. With the cURL thing, you know what you’re doing because you literally entered the command, and then you have to enter a password, and you can make your own assessment as to whether it’s a good idea. Also, assuming you’re on an HTTPS connection and trust the source (i.e. reputable software author versus shady pirate site), it’s not actually unsafe.

Whereas with sandbox breaks in Electron, someone can’t reasonably know that a feature is vulrnable (hell it can take the people who wrote the damn thing years to realize there’s a bug). If you need to open an HTML file in VSCode, are you going to manually audit the previewer implementation? It’s much easier to check your terminal commands for insecure pipes than to check an electron app for sandbox violations.

Is there a specific reason or example for why we say it has terrible security here?

From what I’ve heard, it’s trivial to accidentally execute an external webapp with the same privileges as the app itself, so you’re one bug away from potentially giving a random website access to your system APIs. For example, an improperly implemented HTML previewer would probably be the easiest way to get pwned in this way, especially since Electron supports the entire Node.js environment and not just browser based JS.

I’d be less hateful of Electron if it simply allowed me to use Mozilla Gecko instead of Chromium as the rendering engine.

I always liked the saying “just because I have the RAM doesn’t mean it’s for you!”

Privacy wise: It uses Chromium, which has been shown to have plenty of phone homes back to Google. Even though it’s open source, even projects specifically intended to “de-Google” it, like the Ungoogled Chromium project, are adamant that they’re never sure that they’ve gotten all of it because it’s so pervasive – and Electron uses the vanilla Chromium code straight from Google.

Other than that, the other, bigger reason is that Electron is extremely inefficient. @dessalines@lemmy.ml mentioned an Electron chat app using 4GB of RAM, and that’s not an exaggeration. You can easily get multi-GB RAM usage on even simple Electron apps. It uses a lot of CPU power too, like when Visual Studio Code used 13% of a CPU just to make the cursor blink.

Basically, almost anything is a better app platform than Electron. A fully native app in a low-level language is obviously the standard for performance, but even if you don’t want to go through the trouble, languages like Java and Kotlin are still way better than Electron. Hell, even other interpreted languages like Python run circles around Electron, see Blender.

Memory corruption vulns are the devil.