Lighthearted eye candy
scsi
joined 7 months ago
The Arch wiki may have some ideas for you - tl;dr is that GDM uses a global dconf db over in /etc/ and this might be the root of your problem (these configs might not get cleaned up with a --purge?) I'm a LightDM user so best I can do to help: https://wiki.archlinux.org/title/GDM#dconf_configuration
The Fennec Android browser is currently behind on Firefox security updates, deemed unsafe by F-droid
Quick update for anyone still reading this thread:
@[email protected] As with any other app, we flagged Fennec and Mull with KnownVuln until the app is updated. Contributors fixed the issues that delayed versions 130 and later. Stand by for the build.
The Fennec Android browser is currently behind on Firefox security updates, deemed unsafe by F-droid
A bit of backstory on how we got here - in June 2024 Mozilla chose to (a) integrate the source tree of Firefox Mobile into their huge monorepo ("gecko-dev"), and (b) move the source off of Github onto their own git servers ("Mozilla Central"). You can read about it in the now-archived old repo:
- https://github.com/mozilla-mobile/firefox-android
- https://github.com/mozilla-mobile/firefox-android/wiki#upcoming-migration-to-mozilla-central
This was then compounded by a core Android build kit ("NDK") choosing to remove parts of the toolchain which is/was used to build Firefox releases (ergo, forcing another change to build process):
Together these have caused a bit of a kerfuffle in getting new releases compiled and released via the official F-Droid methodology. See the other comment about the Mull version in their private repo, they're having to use a Mozilla pre-built clang (a compiler toolchain) now to make it work for the time being.
The Fennec Android browser is currently behind on Firefox security updates, deemed unsafe by F-droid
The link(s) to add their F-Droid repo if not running DivestOS: https://divestos.org/pages/our_apps.html#repos
Along this line of thinking, I use Lemmy and Mastodon as complementary rather than competing, but not in the way people want/use X/Bluesky. Lemmy (reddit) is great for the use as you outline, Mastodon (and Pixelfed) supply a visual experience if you make it work that way and don't expect/want an X like experience (so think more Instagram). Lemmy lacks multireddits which could solve some of this Mastodon use case, on reddit I have a multireddit named "Gallery" which combines a dozen picture-only subreddits.
One can follow hashtags like #photography or #catsofmastodon, discover like-minded profiles who only post pictures and minimal talk/chatter (a lot of actual skilled photographers are present) and follow those profiles. It provides an experience that rounds out Lemmy, but I do admit I would love a "gallery" like view in the apps to streamline the hashtag viewing (Pixelfed does this specifically, but people are spread all over the planet - Mastodon proper pulls in federated data easier, IMHO)
To try and bake down the complex answers, if you are basically familiar with PGP or SSH keys the concept of a Passkey is sort of in the same ballpark. But instead of using the same SSH keypair more than once, Passkeys create a new keypair for every use (website) and possibly every device (e.g. 2 phones using 1 website may create 2 sets of keypars, one on each device) - and additionally embeds the username (making it "one-click login"):
- creating a passkey is the client and server establishing a ring of trust ("challenge") and then generating a public and private pair of keys (think
ssh-keygen ...) - embedded in the keypair is the user ID/username and credential ID, which sort of maps to the three fields of a SSH keypair (encryption type, key, userid optional in SSH keys) but not really, think concept not details
- when using a passkey, the server sends the client a "challenge", the client prompts the user to unlock the private key (device PIN, biometric, Bitwarden master password, etc.)
- the "challenge" (think crypto math puzzle) is signed with the private key and returned to the server along with the username and credential ID
- the server, who has stored the public key, looks it up using the username + credential ID, then verifies the signature somewhat like SSH or PGP does
- like SSH or PGP, this means the private key never leaves the device/etc. being used by the client and is used to only sign the crypto math puzzle challenge
The client private key is stored hopefully in a secure part of the phone/laptop ("enclave" or TPM hardware module) which locks it to that device; using a portable password manager instead such as Bitwarden is attractive since the private keys are stored in BW's data (so can be synced across devices, backed up, etc.)
They use the phrase "replay" a lot to mean that sending the same password to a website is vulnerable to it being intercepted and used n+1 times (hacker); in the keypair model this doesn't happen because each "challenge" is a unique crypto math puzzle generated dynamically every use, like TOTP/2FA but "better" because there's no simple hash seed (TOTP/2FA use a constant seed saved by the client but it's not as robust crypto).
The other data shows that posts and comments are going up linearly (a little suspicious but OK), but I wonder how the modlog affects the data (meaning how is it captured and when). I made one comment to a honest post yesterday (hosted on a remote instance), which then the post was deleted by admins like so:
Removed Post Any app for call recording ? reason: Rule 2: Please use [email protected] for support questions.
So my comment shows in my history but cannot actually be accessed; was this comment counted? was that post counted? Was I counted as an active user yesterday if that was the only activity I did all day? Was the one person who upvoted my comment before the thread was deleted counted?
Lies, damn lies and statistics. :)
tl;dr - depends not only on the device but also carrier and region. Google specifically made changes to stop devs from doing it. Full explanation to read: https://www.pcmag.com/how-to/record-calls-on-your-android-phone
As a sort of historical side comment regarding your concern about misinformation - "how much does it cost to register one?" has been the litmus test to use for a long time (I'm of an age). More specific to .info, it was one of the very first "new" TLDs introduced in 2002/2003 and the owners basically gave away millions of domains for free to gain market share.[1]
This led to a lot of scammers, hackers, malware and whatnot infecting the entire .info TLD and it was in trouble by having the entire thing blocked even around 2012, almost 10 years after introduction.[2] It was troubled with new "crackdowns" (enforcement rules) as well due to it's overwhelming use for nefarious purposes.[3]
Ad-hoc data from my own employment experience, in 2024 it's still 100% blocked (like ref[2]) by corporate firewalls who leverage strict rules along with many others who had the same troubled history (.xyz to name one) and the whole list of "free" domains. However, .info now generally costs $20 USD/yr (with many places offering first year discount for less than $5 USD) so I think it's trying to turn itself around.
Point being, "unrestricted" TLDs which are super cheap have had the historical tendency to attract scammers, phishers, malware and other nefarious entities because the cost of doing business at scale (these guys register hundreds of domains to churn through for short periods of time - "keep moving, don't get caught" i.e.). Having lived through this whole saga, I open all TLDs I know to be cheap/free in private/incognito tabs and treat them with suspicion at first.
view more: next โบ
Here you go, I'll throw in some bonus ones as they're all linked together in the Bloom County sidebar: