ono

@ono@lemmy.ca

This profile is from a federated server and may be incomplete. Browse more on the original instance.

ono,

If new versions don’t make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I’ll spend time manually building/pulling/installing, and a Lemmy reader isn’t one of them. Thanks for the tip, though.

ono,

Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.

It’s still nice to know a tool like obtanium exists, though. Thanks for the link.

ono, (edited )

You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind.

I know how it works, and in this case, that’s fine with me.

F-Droid has an excellent track record; better than many developers have. And I’m not addicted to having the latest versions of everything on the day they’re released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.

ono,

I use it because, contrary to what that scare piece you linked would have the reader believe, it’s better for my needs than the alternatives.

(I’m no stranger to software development and security, by the way. I understand the pros and cons.)

ono,

N + 1 > N

ono,

So it could still be considered less secure than N.

It could be, or it could not be. Depends on the particulars, and on the needs of the individual.

Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.

ono,

Depends on the particulars, and on the needs of the individual.

That’s not really how things like security works.

If that were true, threat modeling wouldn’t exist. ;)

I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

I expect that’s probably true. It’s safe to assume I’m not one of them, though. Cheers.

ono,

I start with whatever is on F-Droid, and narrow it down from there.

Jerboa was the only option there until recently. I see Voyager and Eternity are there now. I’ll have to give them a try.

ono, (edited )

dedent() can help with that.

ono,

Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails.

That’s what they claim, but in practice, they seldom distinguish between the two.

ono,

They rejects them because it is an abuse prevention mechanism.

An “abuse prevention mechanism” that punishes legitimate users is a badly designed mechanism. It’s a lot like police racial profiling.

You can solve captcha and register without any additional information

Nobody said anything about registering.

ono,

That’s not what this specific list is for.

Yet it has a lot of legitimate domains, and has had them for years.

Regardless of whether the maintainer is malicious or just irresponsible, his list is doing harm.

ono, (edited )

You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down

No, I don’t believe I said any such thing. Since you mention it, though, I think taking this list down and removing the false positives before bringing it back up would be the responsible thing to do.

In the interest of specifics, can you point to where this specific list has done harm?

I know from personal experience and investigation (both as a user and on the admin side) that there are now many cases of privacy-focused email addresses being rejected, or even worse, accepted and then silently black-holed, due to the domains being inappropriately added to lists like this one. I don’t know of a place where people report such cases so they can be documented in aggregate, but if I find one, I’ll be sure to bookmark it in case your question comes up again in the future.

ono, (edited )

but you have no direct connection from this resource to harm you claim it causes?

The connection is very clear, because you can see what domains are on the list.

So you’re lumping this resource into a bucket with other resources that were malicious

You’re saying a dev using this list […] needs to convert their FOSS use-case to yours?

[…] the argument I feel you’re making.

Please stop putting words in my mouth. As you seem to be arguing in bad faith, I’m done with this conversation.

ono,

Ironically, when I tried setting a ProtonMail account recovery email address, they rejected it because it was on a list like this one. I hope Proton gets off this blacklist, but I also think they should practice what they preach.

ono, (edited )

It’s not just Protonmail.

Blacklists like these aggressively and unapologetically collect all privacy-focused email domains they find, including simple forwarding and tagging services. With more and more sites using these lists to reject or black-hole email addresses, it has become difficult to protect one’s self from spam and cross-site account tracking.

Dear web developers, please don’t use these lists. Well-intended or not, they are privacy and user-hostile.

ono, (edited )

please let the kids all of us be free of corporate abuse and greed.

ono,

If you mean the vkCreateGraphicsPipelines assertion, then yes, that’s still causing crashes at startup, and can still be worked around by deleting Data/PsoCache.pak .

The vulkan build is also crashing (in a different way) for some people after playing for a short time. The only workaround I know for that is switching to bg3_dx11.exe + DXVK.

ono, (edited )

The contents of the chat messages are e2e encrypted, so meta can’t see what you are sending.

Even if we assume correct e2ee is used (which we have no way of knowing), Meta can still see what you are sending and receiving, because they control the endpoints. It’s their app, after all.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #