

just joining in on the misery. arr-s overpromise and underdeliver, tried for a month and gave up with just jellyfin and qbittorrent web. jellyfin is ok at masking the atrocious file names and directory structure, bless its soul
should post something eventually


just joining in on the misery. arr-s overpromise and underdeliver, tried for a month and gave up with just jellyfin and qbittorrent web. jellyfin is ok at masking the atrocious file names and directory structure, bless its soul
per oauth spec you get told what is shared. usually it’s just your user id (which often is email or username), i haven’t seen crazy scopes in the wild in a while
not 100% related but i think login should be less user friendly
“here take this 512 byte hash and store it and it’s you and if you lose it or have it stolen i couldn’t care less”
email verification is hard to do right (as said in top reply), oauth is annoying to get set up but more secure and all big providers have fancy recovery and login methods
no oauth? get the hash or go away


bidets
i assume you pee from your dick so does this boil down to a ranking of bodily wastes?


the diff is noise in the potentially big update log. the point of doing it manually is forcing you to take your time and verify stuff one by one. also pkgbuild is just one place, seeing the hash changed means nothing if you don’t check what that archive contains, or seeing the install steps don’t change mean very little when the installer invokes other scripts anyway
i understand that you aren’t going to vet the source itself, but at that point you are exposing yourself to this kind of malware without mitigation. the aur is unsafe by design (fast way to publish a package without any involvement from anyone else) and should be avoided whenever possible. im not an arch hater, i too run arch


i can empathize with those infected but it’s important to note that the source of this issue is still installing random stuff from random people. the aur is not the same as arch repos, and users wanting to opt in need to take more precautions than usual


in theory? getting rid of paru and friends, manually reviewing the pkgbuild and the source of whatever it is installing
realistically? nothing. the AUR is a glorified repository of build scripts anyone can upload. the script or the package itself can ship malware
the AUR is mostly the same as downloading and running random exes on windows. you should avoid it, make it as manual as possible (forcing you to double check what’s happening) and be able to review the installer/package or trust someone who can vouch for its safety
ah i’d categorize 30/mo as expensive :) i pay around 8 eur and have email, matrix, minecraft and jellyfin running!
not at all: atproto works very differently. fedi instances “do it all”, on atproto pds-es hold content, relays discover and aggregate, appviews show stuff. iirc relays can also implement moderation (such as blocks or bans). right now to my knowledge the only relays are bluesky’s and blacksky’s (because hosting a relay is very resource intensive)
i think my point kind of missed: i dont have specific recommendations unless an use case or a set of requirements is provided. most services from big providers are “catch all” because of budget and desire to capture market, privacy alternatives aren’t
i also misunderstood this as a recommendation for others rather than sharing own’s choices, so I’m sorry if I was annoyed for what I felt to be poor choices (and i feel these are for generic users trying to get free from big providers)
but really, drop brave
this is not good. stuff like google calendar and photos are cloud service, a local app isn’t a replacement and there’s so many good ones. brave stuff just injects their affiliates and ads and has paid models, plus is led by someone with very questionable views. arch linux as windows replacement is objectively a bad choice as first linux distro. keepass is great but again offline.
yeah, if you want privacy, de-cloud. even google photos is private if you never connect to the internet. we should recommend less bad alternatives with comparable features, talk about compromises and use cases, and generally avoid making such eye catchy “privacy packs” which don’t work for most and are honestly a circle jerk for who already solved their privacy needs
also there’s no private AI. your local model is built on stolen data, so if you care about our privacy and not just your own stop using ai crap or kindly fuck off back to your favorite techbro
it absolutely is! honestly all matrix homeservers are impressive, the protocol is not for the faint of heart
while i don’t want to throw shade on the developers’ intentions, nor have any real proof of what data is being kept, a fetch request bears by minimum the source ip (which can be geolocated) and the fact that the homeserver exists and runs continuwuity.
i’d suggest a matrix channel as alternative, so hosters can opt-in by joining. plus, by leveraging the matrix protocol, such announcements become federated push notifications, meaning they could come from any homeserver (limiting ip logging) and don’t imply the continued existence of such deployment, or the software which is being run
even converting such mechanism to an opt-out “auto-join announcements channel” would be more privacy respecting
be warned that continuwuity phones home by default to fetch its news and feed it to the admin, you may want to turn that off before booting first time
it doesn’t need to be fancy, just the ref impl. just like you may find lemmy terrible and prefer mbin. the ground work is there tho: a MR is a chat with a diff attached. we really should be making mails easier, rather than inventing a whole new centralized and then federated code forge stack
hey at least it wasn’t (exclusively) gpg!! be grateful
wow a non horny triangle meme


git send-email


why wouldn’t it be? you can send emails from web uis too. you can share diffs however you desire. you can have a remote for each developer, and push/pull changes to each other. the github mindset kind of ruined the resilience and distributedness of git: one central remote, one account authority, one central place where discussing MRs… ever forgejo is not as good as decentralized git: what’s a forgejo identity?
meanwhile git has been decentralized and distributed since day one, linux is still developed in a decentralized and distributed way and forgepub is just not ready and not even close.
sending emails with an attached diff to many ppl is too hard? make a nice offline gui doing that and we’re distributed. github was a psyop to make us un-learn git, making it better is silly, like wasting decades searching for “good cigarettes”
+1 for the expanse! the story isn’t extraordinary but their take on space faring was so good. now all sci-fi looks dumb :( i wish there were more series like that