• 17 Posts
  • 680 Comments
Joined 2 years ago
Cake day: June 6th, 2023



  • True, but I think that tech disparity (of say 15 years) between hobby-grade and consumer-grade hardware is closing, and that the disparity itself becomes less meaningful when you’re still able to do most things with older hardware.

    Hell, my smartphone is 8 years old and runs a light modern OS which still enables me to use modern apps with ease.

    This kid showed what was possible with just 6 months and 5 thousand dollars with today’s hobbyist chips.
    I tremble with excitement when I think of what the next kid tomorrow might do.



  • tetris11@lemmy.ml to Technology@lemmy.ml · Newpipe · 15 hours ago

    Welcome!

    I mean if you only use trusted applications repos

    Trusting an application means trusting every developer who has contributed to its codebase. The XZ attack showed that it just takes one pushy contributor to completely expose an attack surface.

    The only thing you can really trust is applications that you build yourself and can personally vet the source for. No one does that of course, so we place some trust in authorized developers (e.g. archlinux-keyring) who have been vetted by their various organisations. With GitHub, no such vetting occurs; it’s just some guy/girl hosting their code.

    MITM attack to Obtainium

    I have to admit I don’t know much about the security that Obtainium uses. I’m hoping everything is TLS certified to make MITM difficult, but I don’t know those details. All I do know is that you’re getting binaries hosted by someone on GitHub who might have zero cred in FOSS circles.


  • And the budget isn’t insane either.
    During dev he blew through 5 grand (high for an individual, but nothing compared to some startups).
    For production, apparently building one of these yourself with the materials he’s provided would cost $1500 – again, really not that astronomical.

    This is really shining a lens on some companies charging $2000 for a mid-tier laptop with half these features.
    I’m… quite excited that we’re entering a new era of hardware, which would put an end to these needless hardware companies.



  • tetris11@lemmy.ml to Technology@lemmy.ml · Newpipe · 20 hours ago

    not the best resource, but:

    we don’t audit every single app that makes it into the store. But we do make sure that everything is free software, and do test/investigate to a certain degree.

    From what I understand, F-Droid regularly audits a few new apps for malicious code, and always makes sure that the source built the binary.

    With GitHub releases, maybe some of these binaries are generated by CI, but I’m betting more that they’re generated locally in dev and then uploaded to GitHub as direct releases. That is, the source you see on a repo on GitHub is not necessarily the same source used to generate their binaries.

    To me that’s a wide angle of attack, and that’s why I stick with F-Droid, even if it’s minimal checking.


  • Things are bad here too. As a US citizen you will be paying tax twice if you work here, you’ll never quite fully feel at home for about 8 years, and (most importantly) you’ll miss the cultural banter you grew up with.

    US isn’t a country, it’s practically a continent. There are plenty of places to knuckle through the next few years, but I’m telling you now - Europe isn’t the safe haven you think it is.


  • Fair, just be aware that family ties can sometimes matter more than our ideals.

    In my parents’ country, the left were aligned with the left of the neighbouring country, but differed on the issue of nationalism. That small issue was enough for some of them to distance/execute the left in my parents’ village, and it was the right-wing fascists in the village (yeah the lunatics wielding guns and causing trouble) who came to their aid.

    As you might imagine my family is a mix of extreme communists and fascists, and yet they all sit down with each other for Christmas.

    I guess what I’m saying is, things might get really crazy out there in the next few years, and when push comes to shove, families generally protect their own, no matter what creed.


  • That’s fair. From what I can see in the text, the dad isn’t actually refuting anything the child says, just offering their (bad) POV. I’m not sure if that means he’s open to discussion, but he’s definitely not the aggressor, and to me that’s a sign that he might be reasoned with if you meet his basic level of civility.

    You’re right though, I don’t really know their dynamic. Hell, this might be playful dinner banter for all I know.






  • tetris11@lemmy.ml to Technology@lemmy.ml · Newpipe · 2 days ago

    I stay well clear of Obtainium. GitHub releases are not the source-reproducible binaries they sometimes pretend to be. There’s no QC whatsoever.

    I’ll stick with the F-Droid vetting. It’s not perfect, but it’s enough.