The backend is the real interesting part, and the only way that we can be sure that “they cannot read the emails”
While I’d still prefer it, OSS can’t really help with that because what’s really required here is remote attestation.
That is an unsolved problem to my knowledge; there is no way to know which software they’re actually running. Even if they published the source code, they could trivially apply a patch in their deployment that stores all incoming email somewhere and you’d be none the wiser.
Even if they published source code and could somehow prove to you that they’re running a version derived from it, you would still not be safe from surveillance as one could simply MITM all connections. See i.e. notes.valdikss.org.ru/jabber.ru-mitm/.
That’s likely one of the reasons they do everything they can to make PGP accessible to every user.
imap/smtp can be toggled with a warning, if that’s really their concern
It’s plain and simply not how their service works. They’d have to build most of their service a second time but unencrypted.
It’s like asking Signal to build in support for IRC; it does not make sense for them to do that in any way without malicious intent needed.
no IMAP = no easy migration to somewhere else
You have IMAP access via the bridge. That’s what it’s for.
They’re not doing like proton and close basic stuff like IMAP and SMTP as a way to force you on the official apps
The reason Proton cannot do IMAP/SMTP is that they cannot read your emails which is required for both. That’s a feature, not a bug.
PM works with any app as long as the app implements their custom protocol for which there are at least two FOSS implementations as a reference.
proton is a “fake” open source that is mostly used for marketing: they opened only the UI, which communicates with a proprietary protocol to a proprietary server - useless
While I’d also prefer their back-end to be OSS, it’s not nearly as critical as the clients.
As a user, it doesn’t make a difference. I’m paying for an opaque service either way.
All the interesting stuff (E2EE, zero access storage) happen in the clients anyways. The BE is fairly uninteresting; it’s a mail server + zero-access encryption + Proton account handling. If you really wanted to build a mail service similar to Proton, you could build that yourself and probably would have to anyways.
The ultimate output of Nix is one set of data, usually the description of a derivation (~= package). You cannot cause arbitrary side-effects with it like writing to files or making network requests with it.
the parts of Guix in which packages are defined are quite pure, even using monads for some things
Monads have nothing to do with purity. In fact, one of the most infamous usages of them is Haskell’s IO monad which is probably the most impure construct in the entire language.
it is really not too different from the Nix language.
Hm, I can’t help but think that a lisp dialect can never really be similar to any language except another lisp.
meaning every step of building the kernel, including the steps taken to build the C compiler toolchain, are produced by code that is simple enough to check for correctness and safety.
Full-source bootstrap isn’t about just the kernel, it affects every piece of software. With GUIX and Nix, every single package can be fully traced back to the bootstrap seed.
Though it should be noted that you do require a running Linux kernel on an x86 machine in order to bootstrap.
it is not quite to the point where it /just works/ on a lot of the computer hardware that I own.
Unless we get some serious money, effort and/or regulation w.r.t. OSS firmware, that will likely never be the case.
That has nothing to do with its technology though, that’s a political issue. GUIX is a GNU project and acts like proprietary software does not exist/is not a basic necessity in 2023.
Ah I think Windows does this “helpful” thing where it installs its bootloader into the ESP of any drive if it’s already present rather than the drive you explicitly told it to install onto.
You didn’t have anything in it yet, right? Unplug all other drives and then re-install Windows onto the drive. It should work as expected after that.
IIRC Pop!_OS sets the systemd-boot timeout super short; you have to hold a key after the firmware is done or something to get to it reliably or simply increase the timeout (1s is enough, I have it set to that on my systems). systemd-boot should give you the option to boot any windows installation though, it can auto-detect them.