A Justiça paulista determinou a penhora da picape Hilux do ex-governador Ciro Gomes (CE) em razão de uma dívida de cerca de R$ 6,6 mil com os advogados do site "Diário do Centro do Mundo".A decisão foi tomada pela juíza Ligia Dal Colletto Bue
A Justiça paulista determinou a penhora da picape Hilux do ex-governador Ciro Gomes (CE) em razão de uma dívida de cerca de R$ 6,6 mil com os advogados do site "Diário do Centro do Mundo".A decisão foi tomada pela juíza Ligia Dal Colletto Bue
Tomás de Aquino, em italiano Tommaso d'Aquino (Roccasecca, 1225 – Fossanova, 7 de março de 1274), foi um frade católico italiano da Ordem dos Pregadores (dominicano) cujas obras tiveram enorme influência na teologia e na filosofia, principalmente na tradição conhecida como Escolástica, e que, por isso, é conhecido como "Doctor Angelicus", "Doctor Communis" e "Doctor Universalis". "Aquino" é uma referência ao condado de Aquino, uma região que foi propriedade de sua família até 1137. Tomás de Aquino tinha abordagens diferentes para com seus antecedentes como Agostinho de Hipona, pois conciliava a fé com a razão. Seu pensamento teológico e filosófico inspiraram inúmeras gerações de pensadores. Seu magnum opus é chamado Suma Teológica.
This led to them including a self-update system which was openly implemented and documented. F-Droid was unaware they'd shipped it for half a year, and by then WireGuard had essentially escaped from in their words being held hostage by F-Droid.
This was a rare case where an app used developer signing keys via their flawed reproducible builds system. Most don't.
Per https://f-droid.org/en/docs/Inclusion_Policy/ The software must not download additional executable binary files (e.g. addons, auto-updates, etc.) without explicit user consent....
For the vast majority of apps they package, F-Droid downloads and builds whatever developers publish, then sign it with their own keys and release it. They aren't doing any real review as people believe. What they really do is run things through basic scans looking for libraries they've disallowed, primitive antivirus checks for common Android malware as if that's what malicious code in an open source project would be, etc. It took them that long just to realize an app openly took over updates.
F-Droid has incredibly poor security practices and a strong anti-security attitude held by most of the people involved. They've consistently engaged in coverups of vulnerabilities and targeting multiple security researchers with libel and harassment.
It's a massive single point of failure and not worthy of the trust many people are placing in it. It's adding another trusted party compared to using the apps built and signed by the developers. It is not avoiding trust in the developers of apps.
@sheogorath F-Droid is filled with insecure apps with unpatched vulnerabilities in libraries, etc. Many of the apps are unmaintained without updates. Many apps which are maintained don't get properly updated by F-Droid. There are often substantial delays for updates. F-Droid has consistently introduced security vulnerabilities and rolled back security features with how they do their builds, patching, etc. Not really a curated app store. It's a poorly maintained repo of some open source apps.
@sheogorath It's curated in the sense that they only have open source apps in it. They don't have any real standards beyond stuff being fully open source. The selection of apps is very arbitrary and tons of high quality modern apps are not included in it while tons of obsolete and insecure apps are included. Some apps which would be fine to use are not because they end up doing weird things like downgrading the dependencies
F-Droid has absolutely had fake/scam apps including of one of ours.
@sheogorath F-Droid has repeatedly gone months without shipping privacy/security patches for Firefox and other apps. Someone not getting browser security patches for their main browser for months is quite a serious problem.
Regularly not shipping critical Firefox security patches for months is the norm for the main F-Droid repository. Whether or not they sign the apps themselves as they do for the vast majority of apps, updates can be indefinitely delayed based on issues with their outdated infrastructure or their Debian-style downstream patches needing to be updated.
For the small subset signed by the app developers, many kinds of disagreements between F-Droid and developers will mean an end to receiving updates.
You are not the only ones that struggle with f-droid. (There is an ongoing struggle to fix certificate pinning by f-droid by a former maintainer, which has neither been acknowledeg nor accepted).
But the question is: what alternatives are there? As far as i can tell, f-droid is the only large scale-repository of open source apps there is.
@newhinton F-Droid doesn't actually package as much of the open source Android app ecosystem as people think it does and a lot of what are packaged are obsolete, unmaintained apps instead of the many high quality ones which aren't in it.
F-Droid stands in the way of better solutions being developed and adopted. It existing is the problem. It stops a group of people who actually care about providing proper updates, security, etc. making something better.
I think you should stick to technical objective criticism. If you want to move to social science speculations then I reply that messages like this weakens your point.
@alxlg @newhinton This wasn't part of our thread, it was a reply to someone bringing up non-technical issues with the F-Droid project with developer infighting and multiple people recently leaving the project. Poor handling of security issues is a factor in that. The technical issues do not exist in isolation from the root causes which led to it being designed and implemented the way it is. It doesn't simply need a technical overhaul. It needs developers who understand and care about security.
The evil marketing department of F-Droid Inc. is preventing better alternatives to be known... no wait, no even *exist* because security experts feel defeated from the start. This is what your whining sounds like.
The reality? Those security experts just don't volunteer.
@alxlg @newhinton Why would people who have been targeted with an extreme level of harassment by the F-Droid project and their community for talking about it be stepping up to help with it? They're building better alternatives to it instead. There is no way this group of people you're talking about is going to work on a project with a development team that has repeatedly covered up vulnerabilities and attacked the people talking about the flaws including their own former project members.
Oh come on, it's FOSS we are talking about, just fork or start your project. In fact I never said they should contribute to F-droid specifically if they don't want to.
@cercello @newhinton Neo Store is another F-Droid client. Since most of the issues are with the main F-Droid repository and overall system, it doesn't avoid most of the problems, only client side issues.
@Kulei @newhinton We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
Isn't Obtainium just worse than F-Droid? Considering that F-Droid atleast does some of the antivirus scanning and such. It's very difficult to verify whether an app is secure or private (even for people that trust aGPLv3 or just open-source apps intrinsically more than proprietary ones there is no guarantee of safety or privacy).
F-Droid still does better checks than something like Play Store, right?
No, since it avoids added another trusted party which has proven to be highly untrustworthy.
> antivirus scanning
It's performative.
> F-Droid still does better checks than something like Play Store, right?
F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
> F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
Isn't it supposed to be possible to target older APIs even in current builds?
@lispi314 @newhinton @Kulei Target API should currently be 35 (Android 15) to enable the latest backwards incompatible improvements including privacy/security improvements. Target API being 35 does not drop support for any older releases. The behavior is determined based on the highest target API level supported by the OS and app. Minimum supported API level is a separate thing and raising it is to clean up code by dropping the workarounds, shims and support for legacy behavior on old Android.
@newhinton @lispi314 @Kulei Compile, target and minimum API are separate things. Compile API level can be updated to the latest usually without any changes or at least very minimal ones. There are rarely changes needed in Java or Kotlin code, but sometimes tiny changes are needed in C, C++ or Rust. Compile API level is the version of the SDK being used to build. It should be at the latest shortly after it becomes available. There's no good reason for delaying updating it.
@newhinton @lispi314 @Kulei Target API level sets which backwards incompatible improvements are supported. It should be quickly moved to the latest. Play Store requires not being more than around 1 year behind for both new apps and app updates. Target API level is important to enable backwards incompatible privacy and security improvements including improvements to the app sandbox and permission model. Each year there are major improvements in these areas. Should never be more than 1 behind.
@newhinton @lispi314 @Kulei Minimum API level is the oldest supported Android version. Supporting older Android versions means either avoiding new OS APIs or providing multiple code paths. Target API level often requires supporting the new ways of doing things so multiple code paths are often mandatory. AndroidX libraries deal with most of this for apps. Supporting a higher minimum API level reduces the size of the app by dropping tons of legacy code paths and libraries. Easier to maintain.
@newhinton @lispi314 @Kulei Updating the minimum API level is at the discretion of the developer. It's a huge burden supporting much older API levels. AndroidX has a minimum of 21 across the libraries, although some are higher. 21 is ancient. That would force avoiding tons of basic APIs including very useful parts of the Java standard library. Worked around by adding libraries providing backported implementations of newer features within the app, which is a major part of what AndroidX does.
@newhinton @lispi314 @Kulei AndroidX largely provides libraries built on top of the OS APIs which are recommended as replacements. They backport APIs to older versions and also work around bugs in older Android versions, bugs in specific forks of Android, etc. The APIs also often add new useful features and some are higher level with major features/infrastructure built on top such as AndroidX Camera (CameraX) vs. the OS APIs it uses (Camera2 on decent devices, Camera1 on terrible ones).
While I appreciate bringing up the security concerns the existence of alternatives to #FDroid I do not think we have those when it comes to pure FOSS apps without the usual big corporate trackers/libs. #Accrescent lists a few apps and fails to provide relevant information about them (such as requested permissions). E.g. #Qlango includes multiple tracking libraries by #Meta / #Facebook and doesn't look like it is FOSS to any degree. Even while the #FDroid repo is not carefully curated I don't run into traps like these. 🤷
There is a need for a curated and maintained FOSS app repo and currently there is nobody but @fdroidorg providing it. #Obtainium, #Accrescent are mostly option for expert users who exactly know who to trust and what they are looking for. @Kulei @newhinton
#Accrescent IMO absolutely needs - better description of app - permissions list - license info of app - download size of apk - website link if available - (minimum Android sdk)
We already have plans to expand app descriptions, provide download size information, and utilize detailed compatibility specifiers including minimum SDK specifications pending some upcoming server changes. It's not yet clear whether or how to incorporate permission lists, license info, or website links (though we do at least plan to distinguish open source apps).
@Kulei @newhinton What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
> What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
You can read about their requirements on their site. They have a system for tagging apps that's being implemented for marking which ones are open source, have reproducible builds, etc. If you only want to use it for open source apps, you'll be able to do that. Apps being open source does not mean other standards aren't relevant.
> F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
Apps with an ancient target API level aren't possible to fully automatically update. This is F-Droid warning that their automatic updates don't fully work due to not complying with that minimum target API expectations, not them adding a warning about target API level.
Is this all true if you separate out F-Droid as a program and F-Droid as the default repository? My impression of the F-Droid default repository is pretty much aligned with your post, but it's also easy to add other repositories. I'd expect something like WireGuard or Firefox to be able to provide their own F-Droid repository quite easily. Are there also flaws in the client app that make this a bad idea?
@david_chisnall There are huge flaws in the repository system, the tooling for managing it and especially the client app. It's not a good way to distribute apps. It also simply doesn't make sense for distributing 1 app instead of just giving it a self-update system. Securing the initial download isn't accomplished by having an F-Droid repository any more than publishing the APK and signing key fingerprint for use in App Verifier.
@david_chisnall Having a chain of trust for the initial install requires it being somewhere that's available to the users on their OS as a standard way to get apps such as how GrapheneOS provides both Accrescent and the Play Store in our own app store. F-Droid isn't going to be there due to the massive technical issues but also the people behind it.
Well that's sad. Having to implement your own updater in every app is annoying when F-Droid can just do it from a bunch of repos. It would be nice if there were a simple generic solution that let you bootstrap a single updater app and then add repos.
For traditional UNIX systems, there's a big benefit in having a single repo, because you distribute a load of shared libraries and you want a consistent build of all dependencies. With Android / F-Droid, each app is totally independent (or depends on things via late-bound intents) and so there's no real benefit from the centralisation, other than needing to deal with people who have the kind of purist views that put off users.
@david_chisnall F-Droid isn't updated dependencies across apps and has even down downgrades of security critical dependencies which introduced security vulnerabilities to apps again.
Traditional Linux distribution repositories have been moving away from working that way though with packaging systems like Snap and Flatpak along with projects having dependencies done in a way they're not good at handling. Distributions aren't really capable of dealing with all the dependencies in practice.
@david_chisnall It results in them not packaging as much software written in languages where they don't have tons of the dependencies already packaged or they aren't well suited to being handled that way such as Haskell, Rust, Go and node.js. Alternatively, they compromise and end up simply building them into the package. There's an increasing trend away from those traditional repositories in practice. Users also largely don't want it for apps without a full rolling release approach.
@ejim @david_chisnall GrapheneOS has been changing these interfaces for permissions, ADB key approval, etc. to have a 1 second delay before it can be approved to avoid this issue.
Either way, you already have the app installed so it can run arbitrary code. If it has network access it can download and run code or change the existing code's behavior based on our. Our dynamic code execution restrictions prevent running dynamic native code or loading classes with the Android Runtime, not all code.
@ejim @david_chisnall Those restrictions are also meant to help defend apps from getting exploited. If they're already malicious it doesn't particularly help with anything.
Are there plans to include IronFox as part of the official F-Droid repo, as Mull was? Otherwise, perhaps on IzzyOnDroid repo, or lastly a custom IronFox one? Even...
fwiw, they do ship an app called FFUpdater, which, as far as its UI suggests, downloads the packages from Mozilla/Github. Updates are still manual, though does mostly cut out the F-Droid-in-the-middle.
For apps that are signed by the npubs of the developers you know and trust, I understand it to be a better alternative. It will be amazing once all apps are signed by dev npubs.
AFAIK apps that at signed by ZapStore are requiring you to trust Zapstore's build processes, similar to Fdroid.
We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
Accrescent requires developers to log in with a github account not giving alternatives. So you basically need to agree to some st***d tos from a us big tech company to publish an app? This is a complete fail, so no alternative to fdroid, sorry.
@bf3307b981eb48d73577851d055a1d3461f2c7cb2eff9eea6162bb0e13393d02 It's the apps which largely support reproducible builds. F-Droid is referring to a specific system they use for a tiny subset of apps shipped through F-Droid where they reuse the developer signature and then stop providing updates if the developer does something they disagree with or they end up unable to reproduce it properly anymore even if it's an issue on their end. It's not a solution to their app distribution approach.
@bf3307b981eb48d73577851d055a1d3461f2c7cb2eff9eea6162bb0e13393d02 They often want to make changes to apps and shipping the developer builds requires them being fully aligned on what is going to be done with the developer with political issues not coming up. Bear in mind they regularly have all kinds of issues leading to blocked updates even without this system being used for the vast majority of the apps.
@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a That's the Play Store with an alternate frontend. It uses shared accounts by default. Worth noting shared accounts are against the terms of use and may bring problems. It doesn't verify the signatures of the metadata yet to verify apps came from the Play Store signing infrastructure. You can use the sandboxed Play Store on GrapheneOS too. Play Store has problems too but they do security well.
@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a Accrescent is building an open source alternative to what the Play Store used to be: developer builds of apps signed by the developers and uploaded by them. That's good for the small number of apps available through it. For the majority of apps, you have to pick what you consider the least bad. Obtainium + App Verifier is one approach for getting apps directly from developers, but it's fragile and not easy for regular users.
I also use Aurora on my Pixel with GrapheneOS. I did this out of conviction that this solution is better than Play Store in terms of data protection. However, I would not have thought that this would entail increased security risks. Weighing up data protection vs. security is not easy for me. @001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a
@menschmeier @001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a Those apps are coming from the Play Store either way. They're largely generated and signed by the Play Store. Many but certainly far from all of them include some Google libraries and may depend on Google Play for full functionality.
Aurora is an alternative to Google Play Store and has the exact apps available there. FDroid has apps that aren't in Play Store, or its a different version in F-Droid. The FDroid ALTs I know of are: Accrescent (from Graphene OS), Obtanium (pull builds straight from the git repos), and Zapstore. Not sure which is really the best solution though. I'm mostly in Obtanium though.
Accrescent is not from GrapheneOS. It's a third party project. We mirror it in our app store so people can obtain it securely and then use it to get apps like Molly with a chain of trust from GrapheneOS.
Verifying the download for the initial install is what's left up to the way the app is being obtained. As an example, our App Store has signed metadata with a timestamp and hashes of the APKs.
When we are pointing out that harassing, did u tried to black mail them 🤭🤭 Its weird to read this by GraphenOs profile 🤣🤣🤣🤣
One of my fav comments under one random YouTube video-
“One of the inherent advantages of Open Source is that when a project needs new leadership, but the current leadership doesn't recognize that fact, the project can simply be forked, perpetuating the good idea and leaving the failed leaders to howl into the abyss until / unless they decide to grow up.”
@c3f12a9a85beea46ea631c95652a17e02d3bcbe477bd1709350f217e06c21301 Nice to know that you support and spread fabrications about GrapheneOS. The content you're referencing doesn't even do the bare minimum of trying to hide that it entirely consists of spin, misrepresentations and lies about us. It's genuinely sad that people fall for such blatant scamming and believe non-credible content creators trying to get clicks and promote themselves by harming open source projects with clear false claims.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
Looking at this style of writing here, I have to ask, was this written by same Daniel that Louis Rossmann talks about here: youtube.com/watch?v=4To-F6W1NT… ? It would explain a lot of venom if it is...
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
@mnalis This is harassment content based on spin and fabrications about an open source developer. It tries to portray them as insane based on them being in distress about being swatted in a private message with one of the people encouraging attacks on them.
@NebulaTide Um, Play Store is exactly the same. They lie that they're vetting packages and that's their justification for the walled garden approach. But all they're doing is setting policies which encourage malware-playing-by-Google's-rules and randomly ban software that's actually not shit (concrete example: not understanding that there's such a thing as an app that's a pure client not tied to a particular service provider, where by connecting to someone unsavory server you might see unsavory things).
@dalias @NebulaTide Our current general recommendation is obtaining apps directly from open source developers. Obtainium and App Verifier are useful tools for that, but Obtainium doesn't do things in a way that we can wholeheartedly recommend it or package it in our app repository. We could make our own tool for downloading app builds with pinned keys from where developers publish them without involving third parties. Could support a reproducible build verification system via third parties too.
@dalias @NebulaTide Play Store used to be a way to obtain developer builds of apps signed by the developers but has moved away from it and the code transparency system they provide isn't a complete solution to verifying what they generate and sign from the app bundles uploaded by developers.
For our own app repository, we don't want to build thousands of open source apps largely not aligned with our approach, especially without doing a pass updating dependencies and adding basic hardening.
@dalias @NebulaTide Accrescent is a project we recommend as an open source replacement for what the Play Store used to be but it's still in an early phase without a lot of apps. Makes sense to use it for the apps in it though.
It's a secure way to distribute developer builds where developers upload their releases. It's therefore not going to be a similar single point of failure, but it's also only going to exerting a small amount of influence on the app developers.
@dalias @NebulaTide F-Droid repeatedly not giving users Firefox updates for months because they have to slowly update their patches removing things they dislike is an example of how much of a disaster it ends up being. Users getting browser security updates is critical.
They've also had a long history of doing weird things like rolling back security critical dependencies compared to what apps use themselves. They do similar things for their own apps too to support ancient Android versions.
@dalias @NebulaTide It doesn't really matter that Firefox includes tiny proprietary Java libraries barely harder to review than open source code because of how Java works. If they're going to take that purity approach they need the resources to deal with updates. It's unclear how the purity approach is meant to work for the few percent of the apps where they use developer signed releases. What happens when they disagree about something the app includes? No more updates? It can be very political.
Yes, I think it's best to install apps from GitHub releases, and subscribe to GitHub releases of your apps to get notifications about new releases. But that only works for apps hosted on GitHub (GitLab should have similar functionality).
But your own tool to verify certificates sounds very interesting.
@tibs @dalias @NebulaTide According to F-Droid themselves, their Firefox fork uses services which track users. The telemetry they're disabling is not mandatory and it's as if they're trying to make the changes more invasive rather than doing the least invasive change possible. Some of their changes include adding bookmarks/links to the F-Droid site.
The only thing they truly consider a blocker to updates is removing the client side Google Play libraries which blocks their updates for months.
@astroboy @dalias @NebulaTide Obtainium automates getting apps from GitHub releases. We just think it does too much and it isn't as focused on verifying the apps as it should be. We'd rather have something simpler which supports fewer things and is focused on shipping a database of where it can fetch apps and their signing keys instead of needing App Verifier as a separate thing which also doesn't have a large pinning database yet.
We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
>removing things they dislike Maybe Mozilla could make a browser that is not riddled with telemetry and bad defaults, so the F-Droid team doesn't have to fix it.
@Erklaerbaer Android's package manager, app sandbox and permission model are overall quite solid. It's alternatives to the Play Store which are lacking. It's nothing like the situation on desktop Linux. There's one working package management system and a single app sandbox system which works well instead of being super incomplete. It also makes yearly privacy and security improvements via a target API system enabling backwards incompatible changes where the Play Store provides a year to migrate.
I think you're dismissing the important curation work of F-Droid.
Sure it's imperfect and security patches take too long, an additional intermediary etc.
But using Obtainium [edit: I was wrong about Accrescent] just leaves the users to their own devices installing any app, with zero oversight. Far from ideal.
You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
> I think you're dismissing the important curation work of F-Droid.
They don't do important curation work. They do a very poor job with that and their changes have consistently introduced security vulnerabilities and broken apps.
> Sure it's imperfect and security patches take too long, an additional intermediary etc.
It's not only an extra intermediary but a group of people who have demonstrated themselves to be highly untrustworthy with underhanded malicious behavior and coverups.
> You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
They've done repeated coverups of security vulnerabilities including ones their own team discovered. They regularly refuse to fix serious security and other flaws. They've engaged in serial harassment towards security researchers, including but not limited to people involved in the GrapheneOS project. We're not insinuating.
@jcast F-Droid should be discontinued and replaced with a project not run by people who are incredibly anti-security and involved in attacks on security projects and researchers. We're of course going to recommend against it.
@jcast Accrescent has standards for the apps which are included and is going to include tags for filtering based on which apps are open source, have reproducible builds, etc.
It is in an early phase where it's not open to all developers submitting their applications yet and doesn't have a lot of applications. It is intended to provide an open source, secure and trustworthy alternative the Play Store not a small catered repository of apps they want to promote.
Developers should be able to request an "open source" label for their app after it has been published (we can add label requests to the draft creation process later on). This request should then be...
This looks as ugly for WireGuard than for F-Droid.
WireGuard current app on Izzy repo for F-Droid does not tell users where it's updating from, does not ask for consent and it's opt-out. So there were clearly not happy about letting users know.
Not to diss WireGuard which is course an awesome project.
A growing number of Izzy repo apps are reproducible builds.
@jcast Izzy is directly involved in the attacks towards security researchers including extreme harassment aimed at silencing them. He participated in harassment towards a GrapheneOS community member leading to them deleting a post they made with accurate criticism of F-Droid. His repository isn't safe or trustworthy, and we strongly recommend our users avoid it for their safety. He has demonstrated extremely malicious behavior towards not just our project and team but our broader community.
I've read Izzy's comments on several forums for many years now, and I never witnessed nothing but either praise or constructive criticism of GOS.
Your mileage might vary, but from my perspective it just sounds you're each fiercely defending your ground. GOS focusing on security and FDroid on the 4 freedoms.
Izzy regularly spreads misinformation about GrapheneOS and has participated in harassment towards our team. Call it what you want, doesn't change what it is.
GrapheneOS is a privacy project. No matter how many times you folks misrepresent what it is and falsely claim it cares about security over privacy and all the other misinformation.
@jcast There isn't a controversy. A basic look through what we provide clearly shows it's a privacy project with a ton of work on privacy and also security to protect privacy. The only reason we work on security is to protect privacy. It's not clear why else we would be working on it. A major part of our work is defending people from exploits including widespread commercial exploit tools for remote exploits, exploiting devices from apps, forensic data extraction, etc. It was the original focus.
@jcast We did no such thing. You're downplaying extreme harassment towards our team. F-Droid keeps spreading fabricated stories about us and engaging in vile bullying including repeatedly calling one of our team members insane, delusional, schizophrenic, etc. with fabricated stories about them. An example of this by multiple members of the F-Droid team occurred around archive.ph/j7qql where they began engaging in harassment on Matrix due to technical discussion and then brought it there.
@jcast You can't see the full thing from that archive since it doesn't include where it started on Matrix but we do have another archive of that and subsequent harassment on Matrix, Telegram and elsewhere by multiple F-Droid project members. They engaged in a cover up, partly visible from the current version of the page. They've subsequently spread endless lies about what occurred as part of pretending to be victims and portraying someone as insane. That includes as recently as the past week.
@jcast See gitlab.com/ironfox-oss/IronFox… for an example of an other F-Droid developer playing the victim and spreading fabrications about the archived GitLab thread above. This is part of a very concerted effort by multiple F-Droid developers to spread fabricated stories about one of our developers while also engaging in vile bullying and harassment towards them. Every member of the F-Droid team stands behind this. This is a tiny little peek at the massive about of lies and harassment from them.
Are there plans to include IronFox as part of the official F-Droid repo, as Mull was? Otherwise, perhaps on IzzyOnDroid repo, or lastly a custom IronFox one? Even...
@jcast F-Droid's development team is thoroughly dishonest and do not truly care about anything more than themselves. They aren't in it to bring people freedom or privacy. They're in for themselves. They want power over people and they love exerting that power over a repository used by many people. None of them has stood up against extreme harassment. All of them are either directly involved or complicit. The harassment has targeted other people too, not only a GrapheneOS developer.
@jcast F-Droid developers have spread harassment content on YouTube very clearly consisting of spin and fabrications with the aim of harming GrapheneOS. They know that these things are lies but they do what is in their interest and harming GrapheneOS along with our development team is something they've decided to heavily commit to doing. Making accurate technical criticisms of F-Droid and pointing out their libel and harassment is not aggression. The thread above was made in response to attacks.
@jcast WireGuard openly implemented and documented a self-update system for their app. It's not their problem that F-Droid doesn't review things and ended up having an issue with it half a year later. Nearly all the users would have been updated to a version with it already so F-Droid dropping it wouldn't have cut off a large amount of the users from updates. F-Droid did cut some people off from updates. It shows one way their attempt at integrating reproducible builds is poorly thought out.
- FDroid review system is to say the least flawed. - Given that the new WG version on Izzy's repo does not even prompt the user for opt-out bg updates, WG chooses to be opaque (edit: to users), which I find concerning.
@jcast An app can't update itself without the user explicitly granting the update permission. The way unattended updates work is that apps granted that permission can do unattended updates for apps where they're the current installer already or for themselves. GrapheneOS is considering eliminating the special case where apps can do an unattended update for themselves after granting the permission before they already updated themselves once but it's a very minor thing and not clear we should.
In practical terms, this means WG installs from FDroid, using Izzy repo and updates in tje background without ever requesting user permission or producing a notification.
So it really sounds at this point you're purposedly misleading and obscuring this fact.
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
This process is completely opaque to the user, and no, an explicit permission for background updates is not requested at any point either by the installer or by the app itself.
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
@jcast No, that's not how it works on a basic level. You would to explicitly grant the privilege for installing packages to WireGuard in order for it to update itself. The permission for installing packages grants the ability to do unattended self-update and of other apps where the current installer is the app that's asking to do it.
@jcast WireGuard didn't hide anything about updates. It was implemented in the open and well documented. F-Droid does not actually do even basic review for updates despite acting as if they're defending users from developers. They only mislead people into believing they do. It is a clear example of how they do not actually do that and there are many others. Finding out an app broke a policy they have against self-updates half a year later shows they aren't even looking at changelogs.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
To provide some helpful context for other people, you've been repeatedly participating in targeting our team with harassment through spreading Kiwi Farms style content targeting them with spin and fabrications including from a Kiwi Farms user you support who regularly targets people in this way:
@Erklaerbaer Obtainium is a good concept, but it needs a more focused implementation based around shipping signed metadata with the locations for obtaining the apps and key fingerprints to bootstrap verification.
Accrescent will be providing a far larger selection of apps and tags for filtering based on whether they're open source, have reproducible builds, etc. It's in an early phase and is being built out. It needs people to support it, and unfortunately F-Droid folks are trying to harm it.
@dalias @a1ba @NebulaTide They did provide a code transparency system to prove the generated APKs match the provided code but it does not cover all the relevant forms of resources, just all the code, so we don't think it provides what is needed even if it was widely adopted to verify what's generated.
Google essentially moved to the system used by the Apple App Store where developers upload bundles of signed code which are then turned into the actual signed packages by Apple and Google.
@dalias @a1ba @NebulaTide Google hasn't forced existing apps to move to Play Signing. They do require it for all new apps. We entirely split the 3 apps we release on the Play Store from the ones we include in GrapheneOS and our app repository. There's the GrapheneOS variant of the apps with the normal app id like app.grapheneos.camera signed with our keys and then the Play variant with a suffix like app.grapheneos.camera.play with Play Signing, and we encourage people to use our App Store.
@dalias @a1ba @NebulaTide It would be nice if we were allowed to upload an app to the Play Store for bootstrapping downloading our App Store securely but their policies don't allow this. You can't install stuff from outside the Play Store that way, it has to be entirely user initiated such as a browser allowing installing APKs.
@dalias @a1ba @NebulaTide They sign the apps themselves with Play Signing which is mandatory for new apps. It doesn't involve transferring keys for new apps. Old apps aren't forced to use Play Signing but it's heavily encouraged to move to it. For old apps, it requires transferring your signing keys to them but it doesn't actually use them beyond updates to existing installs. Modern Android versions added key rotation support where APKs can provide a signed key rotation proof and change keys.
@a1ba @NebulaTide That's largely irrelevant. The big issues are that it allows them to forge future releases, and that, regardless of application, sharing or transferring private keys is an absolute cryptographic no-no.
@dalias @a1ba @NebulaTide The initial key rotation support (APK signing scheme v3) uncovered bugs in signature checks in the OS and throughout the Android app ecosystem so they made a new entirely identical version (v3.1) a couple OS releases later which is no different, it just avoids the bugs with earlier OS releases. That significantly delayed anyone using proper key rotation support. It was a factor in the Play Store adding Play Signing and making it mandatory. They still don't use this.
@dalias @a1ba @NebulaTide APK signing v3 with key rotation support is Android 9+ but it was problematic. It began fully working properly with Android 11+, preventing actually adopting it if you support below Android 11 as nearly all apps do. Android 13 fixed it with APK signing v3.1 but that's very recent and Play Signing had already been deployed and widely adopted. Play Signing rotation just moves to new keys for new installs. It will start using v3 signing to rotate on Android 11+ though.
@dalias @a1ba @NebulaTide Signal was using a RSA 1024 key for signing their app because Moxie unnecessarily used the bare minimum when they started as some kind of decision to not use stronger cryptography than required. From our perspective, considering that APK keys couldn't be rotated back then, that was a strange decision. That early decision recently forced Signal to move to Play Signing since the Play Store never added support for standard Android key rotation for developer signed apps.
@dalias @a1ba @NebulaTide There's a lot of pain releasing apps through the Play Store in general aside from this, but the same applies to most alternatives to it.
The delay for app review is at least generally down to around 1 day right now. There were times in the past where it took a week or more to get an update approved and there's no way to get it accelerated for a critical update.
There are some very painful policies and it can be very painful to get the allowed exceptions approved.
@dalias @a1ba @NebulaTide We haven't focused much on improving those standalone apps since OS improvements make a much bigger difference for GrapheneOS users and it's hard to build any kind of community with the Play Store users to get anything back from it. Our Camera app did end up with >5m downloads with >1m active users but it hasn't resulted in any contributions to it. We're going to start much more active work on it soon but odd form of success it had on the Play Store isn't a factor.
@NebulaTide @dalias Getting apps built and signed by developers is generally best because the middlemen aren't adding value for users. Play Store ruined things by moving away from that.
@bohwaz Posting accurate information is not aggression or toxic. F-Droid developers and their community have repeatedly engaged in actual harassment. You can keep playing the victim and spreading fabrications about people along with engaging in more extreme harassment including more swatting attacks. Spreading and supporting Kiwi Farms style harassment material makes you toxic. You are not the victim. Someone explaining real flaws in software doesn't make them an aggressor towards you or toxic.
He doesn't explain how is f-droid insecure and not trustworthy, so why should his words be trusted? I've been using it exactly because it is more eyes on top of code, minimizing the risk of malware. GitHub repos can be hijacked, so Obtainium is less secure. Be free to correct me. If you prove to me Obtainium with GitHub is more secure I'll switch to it (already use it for a few apps). F-droid actually pissed me off by having the wrong name for an update for an app and now it crashes because a build was skipped. I also use Droid-ify, not the official app.
@bea424ade017f724f328500662abafcfc27e2aea5a7bcb5cb3bcda50e8fea29f F-Droid has repeatedly introduced security vulnerabilities through downgrading dependencies and using outdated tools. They do not actually review the code of applications as you believe but rather do very limited automated scanning. A deliberate attempt at putting in a backdoor would make it through the scanning. They automatically fetch and build the code. They're an additional trusted party, not moving trust from devs to them.
@bea424ade017f724f328500662abafcfc27e2aea5a7bcb5cb3bcda50e8fea29f Our thread talks about how WIreGuard introduced a self-update mechanism which was openly implemented and documented, but F-Droid took half a year to notice despite it being a clear violation of the policy for their repository. They do not check the changelogs, let alone reviewing code. F-Droid developers have also repeatedly covered up vulnerabilities and attacked security researchers with harassment as misdirection from issues.
!RaccoonForFriendica Hi! Is it possible to use filters beside muted/blocked accounts for hashtags, words, phrases and such? I would like to filter out posts with special hashtags and words but not the whole account. Is this possible?
@Jonas ✅ As far as I know, it is not directly possible through the Mastodon APIs (even though in the web settings there seems to be some similar option).
But, as I've already done in the Lemmy "twin" app, it is certainly possible to add a client-side filter for certain "stopwords" and exclude all posts containing them from lists. It may be not so efficient but it should be effective.
A dois dias para entrada em vigor de lei israelense que proíbe atuação da maior agência da ONU em Gaza, chefe da agência pede apoio ao Conselho de Segurança a uma conclusão progressiva e ordenada do mandato; para Philippe Lazzarini, interrupção imediata…
A dois dias para entrada em vigor de lei israelense que proíbe atuação da maior agência da ONU em Gaza, chefe da agência pede apoio ao Conselho de Segurança a uma conclusão progressiva e ordenada do mandato; para Philippe Lazzarini, interrupção ime…
Exército quer captar 4 milhões pela Lei Rouanet para realização de shows e reforma de museu Dois projetos da instituição já foram aprovados para financiamento
A medida liminar foi tomada em resposta a um pedido apresentado pelo governo catarinense e permanecerá em vigor até o julgamento definitivo da Corte sobre lei que estabelece o marco temporal
The media in this post is not displayed to visitors. To view it, please go to the original post.
20% of the African diaspora in America are either immigrants or the children of immigrants—a shift reflected in what it means to be Black and Catholic on the Hill in 2025.
The 119th Congress commenced this month, and Black Catholics are once again few in number, with just two such legislators both serving in the House of Representatives.
Aquí tienes una descripción de texto alternativo para la imagen:
Un cartel anuncia un evento titulado "Otra Economía Está en Marcha", organizado por Economistas sin Fronteras. La imagen principal es un velocímetro estilizado, con una aguja apuntando a la fecha "28/29 de marzo de 2025". El evento tendrá lugar en La Maliciosa Ateneoan, Peñuelas Kalea 12, Madrid. Se incluye la frase "Save the Date".
Here is a description of the image: A fair-skinned person's hand, wearing a gold Claddagh ring and blue nail polish, gently holds a single acorn. The acorn is brown and tan with a fuzzy cap. The hand and acorn are in the foreground, with a blurry background showing a paved road and green trees.
Polícia Federal apresenta ao STF indícios de ocultação de joias sauditas envolvendo Fabio Wajngarten e Jair Bolsonaro
A Polícia Federal entregou ao Supremo Tribunal Federal indícios do envolvimento de Fabio Wajngarten na ocultação de joias sauditas recebidas durante o governo Bolsonaro. O inquérito aponta que as joias foram vendidas ilegalmente, gerando quase R$ 7 milhões. Mauro Cid confessou participação no esquema, enquanto Wajngarten e Bolsonaro negam as acusações.…
A taxa de aquecimento dos oceanos mais do que quadruplicou nos últimos 40 anos, o que motivou temperaturas oceânicas sem precedentes em 2023 e início de 2024, indica um estudo divulgado hoje.
The media in this post is not displayed to visitors. To view it, please go to the original post.
ANNUNCIO DISMISSIONE LIBREY
Purtroppo la scure di #google colpisce ancora e dopo invidious ha colpito anche il progetto librey che permetteva di fare ricerche accurate senza essere spiati.
Nessuna istanza #librey funziona al momento e lo sviluppatore pare averlo abbandonato da mesi. Quindi possiamo consigliare di migrare su searxng:
@DigiDavidex Immagine di uno schermo di telefono che mostra le impostazioni del motore di ricerca predefinito. Sono elencati diversi motori di ricerca, tra cui Google, Yahoo, Bing, DuckDuckGo, Ecosia, Qwant, Startpage, Amazon, eBay e Wikipedia. DuckDuckGo è selezionato come motore predefinito. È presente anche un'opzione per il widget di ricerca.
@DieDammerung @DigiDavidex i prootti Brave sono sempre eccellenti, il motore di ricerca sta migliorando tantissimo, probabilment è il miglior motore i ricerca fra quelli commerciali, sia per i risultati che a livello di privacy insieme a presearch.
@vanacksabbadium solo se hai impostato di cancellare i cookie ogni volta che chiudi il browser la configurazione ritorna a quella di prima. In ogni caso ti consigliamo di usare come motori google. bing e presearch per avere i migliori risultati.
@expansum librey era un motore che avevamo modificato per le nostre esigenze ma in ogni caso sono entrambi progetti open source e quindi sviluppati dalla community.
@DigiDavidex Ecco una descrizione del testo alternativo per l'immagine:
L'immagine mostra una schermata di un'app store che presenta il Brave Browser Web VPN Privato. Il logo di Brave (una testa di leone arancione) è in alto a sinistra. Sotto, il nome dell'app, la dicitura "VPN Privato", e il nome dello sviluppatore "Brave Software". Sono visibili informazioni aggiuntive, tra cui il numero di download (oltre 100 milioni), il voto medio degli utenti (4,8 stelle su 2 milioni di recensioni) e la classificazione PEGI 3. Un pulsante "Installa" è ben visibile al centro.
@DigiDavidex Ecco una descrizione dell'immagine per chi non può vederla:
L'immagine mostra una barra di navigazione in basso sullo schermo di un dispositivo. Sullo sfondo scuro ci sono cinque icone: una freccia che punta a sinistra, una freccia che punta a destra, un'icona di una casa, un'icona che rappresenta una pila di fogli con il numero 10 e infine un'icona di un profilo utente. Nella parte superiore è visibile parte di un indirizzo web, "radioanimati.it".
@devol@feddit.it@feddit.it prova ad usare SearxNG con solo Google come motore di ricerca, diventa molto più veloce! Brave è forse il migliore fra i motori commerciali insieme a presearch
Aos 83 anos, cercado por muros altos e câmeras de segurança e usando uma tornozeleira eletrônica, o goiano administra suas fazendas, seu centro espiritual e, agora, a venda das chamadas "camas de cristal", segundo reportagem publicada na semana passada pelo portal Metrópoles.
O jornalista Thalys Alcântara conta que João Teixeira coordena a fabricação e a venda internacional das tais camas, sobre as quais se dispõem luzes coloridas que serviriam para o alinhamento das energias. Por cada peça, adornada com o adesivo da Casa de Dom Inácio, ele chegaria a cobrar R$ 15,6 mil.
... Show more...
Cristina Fibe wrote:
Aos 83 anos, cercado por muros altos e câmeras de segurança e usando uma tornozeleira eletrônica, o goiano administra suas fazendas, seu centro espiritual e, agora, a venda das chamadas "camas de cristal", segundo reportagem publicada na semana passada pelo portal Metrópoles.
O jornalista Thalys Alcântara conta que João Teixeira coordena a fabricação e a venda internacional das tais camas, sobre as quais se dispõem luzes coloridas que serviriam para o alinhamento das energias. Por cada peça, adornada com o adesivo da Casa de Dom Inácio, ele chegaria a cobrar R$ 15,6 mil.
Há quase cinco anos preso em sua mansão em Anápolis (Goiás), João Teixeira de Faria, o autointitulado médium João de Deus, condenado por estuprar dezenas de fiéis, segue lucrando com seus negócios.
The media in this post is not displayed to visitors. To view it, please go to the original post.
Good morning Fedi friends!
ICYMI yesterday I created a "stock" photo for flagship Fediverse apps* - so that writers could use it to illustrate articles about the #Fediverse.
(*Lemmy is a shortcut to the Lemmy.world website.)
I applied the KISS principle (Keep It Simple) because mainstream media does such a terrible job covering the Fediverse. I didn't want to add extra complexity.
I have several commercial stock photo accounts, you've inspired me to create and upload some shots like this so that this sort of fediverse image is available where news orgs and magazines are looking for their images - even if it's "wildly successful" by modern stock image standards, at 10 cents per license, I'm estimating that my hourly rate for shooting, editing and uploading will be roughly 2.50 USD if I get lucky LOL.
🙃 I find that your picture with a blurred background gives it a 'slice of life' and natural effect, really neat. As in the Fedi is present in our everyday life.
That said, I share your struggles editing #Wikipedia and have only made minor typo-level edits, and added exactly one image to an article. AFAIK they're trying to improve the editing experience.
Sidenote: I am reassured that there are efforts to improve representation. The WikiEdu non-profit works with universities to turn Wikipedia editing into student projects! Such as improving #LGBTQ inclusion:
In the 1950’s, the Canadian government set forth a campaign that resulted in the mass expulsion of federal workers, military members, and police force members that identified as or were suspected o…
hey this is a neat idea! Put images of the Fediverse out there so that reporters lookoing for stock photos actually find a sensible version of what they're looking for. Maybe I should take some too, although I don't have any stock photo accounts 🤪️
@nclm Glad to see @nclm beat me to it! 😆 I just added a caption translation and extra info to the "Structured data" tab of the #Wikimedia photo so it can be (hopefully) more discoverable: commons.wikimedia.org/wiki/Fil…
BTW @_elena if you want, you could include links to your Fediverse profiles, website, etc. to your Wikimedia account page!
Really happy to see the #Fediverse and Wikimedia-verse #multiverse coming together. 😅
I'm still waiting for someone to add a link to fediverseexplorations.org to the English article about the fediverse, right now it's only on the German version 🙃
@nacly There's a bunch of us trying to make Wikimedia projects more inclusive! But we can always work harder at making our spaces friendlier for newcomers (sound familiar? 😉)
@claudinec Thank you for your efforts! 🙇♀️ Other than WikiEdu I referenced above ☝️, can you point to specific #Wikipedia / #Wikimedia initiatives that you're referring to?
@nacly On English Wikipedia, the Women in Red project works on creating new articles and increasing representation of notable women, trans and non-binary subjects. en.wikipedia.org/wiki/Wikipedi…
There may be similar initiatives in some of the other Wikipedias.
**🚀 DeepSeek: Capacidades reais vs. Exagero de marketing**
**Recursos reais (em 2024):** 1. **Velocidade e eficiência** - Processa consultas em **2-3 segundos**, correspondendo ao GPT-4 Turbo em benchmarks. - Lida com mais de 500 mil usuários simultâneos (comprovado em testes de estresse).
2. **Ferramentas de código e dados** - Integrado com **GitHub Copilot** para geração de código (Python, JS, Go). - Analisa planilhas/arquivos CSV em busca de padrões (semelhante à Análise avançada de dados do ChatGPT).
3. **Personalização** - Temas de interface ajustáveis e estilos de escrita (formal/casual). - Interação básica de voz via TTS (texto para fala).
4. **Foco na educação** - Resolução de problemas de matemática/ciências com explicações passo a passo. - Gamificação limitada (modos de teste p
... Show more...
(Traduzido no tradutor do google)
**🚀 DeepSeek: Capacidades reais vs. Exagero de marketing**
**Recursos reais (em 2024):** 1. **Velocidade e eficiência** - Processa consultas em **2-3 segundos**, correspondendo ao GPT-4 Turbo em benchmarks. - Lida com mais de 500 mil usuários simultâneos (comprovado em testes de estresse).
2. **Ferramentas de código e dados** - Integrado com **GitHub Copilot** para geração de código (Python, JS, Go). - Analisa planilhas/arquivos CSV em busca de padrões (semelhante à Análise avançada de dados do ChatGPT).
3. **Personalização** - Temas de interface ajustáveis e estilos de escrita (formal/casual). - Interação básica de voz via TTS (texto para fala).
4. **Foco na educação** - Resolução de problemas de matemática/ciências com explicações passo a passo. - Gamificação limitada (modos de teste para aprendizado de idiomas).
5. **Ética e privacidade** - Permite exclusão de dados (compatível com GDPR). - Modelo de código aberto disponível para uso não comercial.
---
**🚫 O que é exagerado na postagem original?** - **“IA empática”**: sem detecção de emoções — as respostas são lógicas, não emocionais. - **Geração 3D/RA/música**: não faz parte dos recursos atuais; depende de plug-ins de terceiros. - **“Modo econômico”**: economia de energia é padrão para otimização de nuvem (sem redução exclusiva de 40%). - **Recompensas NFT**: pura especulação; não há integração de blockchain.
---
**🔍 Por que o DeepSeek está ganhando força?** - **Acessibilidade**: nível gratuito + plano Pro de US$ 8/mês (vs. US$ 20 do ChatGPT). - **Foco de nicho**: melhor para codificadores/estudantes vs. abordagem generalista do GPT. - **Localização**: Suporta mais de 50 idiomas (incluindo hindi, árabe), mas dialetos raros exigem ajustes manuais.
---
**🌐 Feedback global do usuário** - *“O DeepSeek depurou meu código mais rápido que o Stack Overflow!”* – Desenvolvedor no Quênia. - *“Explica cálculo como um tutor, mas às vezes alucina com fórmulas.”* – Estudante no Brasil.
---
**📉 Limitações** - Fraco em escrita criativa (repete frases em textos longos). - Sem geração de imagens (ao contrário do DALL-E ou Midjourney). - Acesso limitado à API para startups.
---
**💡 Conclusão** O DeepSeek é uma **IA prática e econômica para tecnologia/educação**, não uma revolução de ficção científica. Sua ascensão reflete a demanda por ferramentas especializadas, não a superioridade absoluta sobre o ChatGPT.
**Experimente aqui**: [DeepSeek.ai](deepseek.ai) *Sempre verifique as alegações com documentos oficiais!* 🔍
Aquí hay una descripción de texto alternativo para la imagen:
Una imagen modificada de un mapa del Golfo de México. Sobre el Golfo, en letras mayúsculas negras, se lee "GOLFO DE MASCULINIDAD FRÁGIL". El mapa muestra partes de los Estados Unidos, México y Cuba, con varias ciudades etiquetadas. El texto sobre el Golfo es la parte principal de la imagen.
Aquí hay una descripción de texto alternativo para la imagen:
La imagen es una modificación de un mapa del Golfo de México. Sobre el Golfo, en letras grandes y negritas, se lee "Golfo de Masculinidad Frágil". El mapa muestra partes de Estados Unidos, México y Cuba, incluyendo ciudades como Nueva Orleans, Houston, Mérida y La Habana.
Velocidade Reduzida Devido à Falta de energia elétrica na estação JARDIM SÃO PAULO - AYRTON SENNA, circulação com velocidade reduzida e maior tempo de parada. Estamos trabalhando para a normalização.
The last two posts I've seen of yours are surprisingly non-partisan.
Good job.
That actually happened to me irl with a Chinese lecturer on the subject of religion. The disheartening part wasn't her censorship, but that the Americans in the university audience didn't understand.
but is that really relevant? That seems like a constraint added to their implementation of the open sourced code that happens to require a lot less investment than competing models. What's to prevent someone else from spinning up their own? Sure it's a lot of money for you and I, but on the scale of AI investment so far it seems like it could be pocket change.
Vietnam’s Drivers, Facing Steep Fines, Are Minding the Rules of the Road
Vietnam’s motorbike drivers have always tended to treat red lights as suggestions, more slow down than stop. At rush hour, they’ve brought the same indifference to other rules, like: Yield to pedestrians; or, stay off sidewalks; or, do not drive against the flow of traffic. Some found it charming, the ballet of many wheels dancing around pedestrians. But Vietnam’s road fatality rates have long…
Vietnam’s motorbike drivers have always tended to treat red lights as suggestions, more slow down than stop. At rush hour, they’ve brought the same indifference to other rules, like: Yield to pedes…
The media in this post is not displayed to visitors. To view it, please go to the original post.
🌐 Bloque la pub sur internet et passe le bloqueur à tes voisin·es ! 📣 Faisons simple et efficace. Suis ce lien et surtout partage le. 👉 bloquelapub.net/
Le sais-tu ? En 2023, seuls 34,3 % des internautes 🛜 utilisent un bloqueur de publicité. 📵 Ce 28 janvier 2025 est la journée européenne de protection des données, A cette occasion, avec @LaQuadrature , @Framasoft et @ritimo , nous vous recommandons d'installer un bloqueur de pub ! antipub.org/bloque-la-pub-inte… #bloquelapub #publicité
Guns, votes and violence: armed Muslim rebels threaten Philippines midterms
Thousands of former fighters from the Philippines’ biggest Muslim separatist group remain armed and unaccounted for, prompting fears of unrest in a region already marred by political tension and fragile peace during the country’s coming midterm elections. The Moro Islamic Liberation Front (MILF) signed a landmark peace deal with Manila in 2014, trading its insurgency for autonomous governance…
Thousands of former fighters from the Philippines’ biggest Muslim separatist group remain armed and unaccounted for, prompting fears of unrest in a region already marred by political tension and fr…
Transcrição do áudio fornecida por @Altbot, gerada usando Gemini:
Em nome do Pai, do Filho e do Espírito Santo. Amém.
Salmo 94/95 Vinde, exultemos em Javé, aclamemos o rochedo da nossa salvação. Vamos ao encontro dele com cantos de ação de graças, demos a ele gritos de alegria. Porque Javé é um Deus grande e rei admirável acima de todos os deuses. Porque nas mãos dele estão as profundezas da terra e as alturas das montanhas lhe pertencem. O mar é dele, pois foi ele quem o fez e a terra firme foram suas mãos que a modelaram. Entremos,
Transcrição do áudio fornecida por @Altbot, gerada usando Gemini:
Em nome do Pai, do Filho e do Espírito Santo. Amém.
Salmo 94/95 Vinde, exultemos em Javé, aclamemos o rochedo da nossa salvação. Vamos ao encontro dele com cantos de ação de graças, demos a ele gritos de alegria. Porque Javé é um Deus grande e rei admirável acima de todos os deuses. Porque nas mãos dele estão as profundezas da terra e as alturas das montanhas lhe pertencem. O mar é dele, pois foi ele quem o fez e a terra firme foram suas mãos que a modelaram. Entremos, prostremo-nos, dobremos os joelhos, bendigamos diante de Javé que nos fez, pois ele é o nosso Deus e nós somos o povo do seu rebanho, a ovelha conduzida por suas mãos. Oxalá vocês escutem hoje a sua voz. Não fechem o coração, como aconteceu em Meriba, como no dia de Massa no deserto, quando os pais de vocês me puseram à prova e me tentaram, apesar de terem visto as minhas obras. 40 anos aquela geração me desgostou, então eu disse: É um povo de coração estraviado que não reconhece os meus caminhos. Por isso eu jurei na minha ira: Eles não entrarão no meu repouso. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém.
Salmo 84/85 Favoreceste Javé a tua terra, fizeste voltar os cativos de Jacó. Perdoaste a culpa do teu povo e encobriste todos os seus pecados. Retiraste toda a tua raiva, acalmaste o furor da tua ira. Faz-nos retornar, ó Deus, nosso salvador, e anula a tua raiva contra nós. Estarás irado contra nós para sempre? Prolongarás a tua ira de geração em geração? Não vais restituir as nossas vidas para que o teu povo se alegre em ti? Javé, manifesta o teu amor e concede-nos a tua salvação. Escutareis o que Javé, Deus, está dizendo. Eis que ele anuncia a paz ao seu povo e seus fiéis, aos que voltam de coração ao Senhor. Sim, a salvação está próxima dos que o temem e a glória habitará em nossa terra. Fidelidade e verdade se encontram, justiça e paz se beijam. A verdade brotará da terra e a justiça se inclinará lá dos céus. Javé, ele mesmo nos dará o que é bom e nossa terra dará sua colheita. A justiça andará à frente dele a fim de lhe preparar o caminho para os seus passos. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém.
Salmo 66/67 Deus, tenha piedade de nós e nos abençoe, faça brilhar a sua face sobre nós, para que se conheça na terra o teu caminho e em todas as nações a tua salvação. Que os povos te celebrem, ó Deus, que todos os povos te celebrem. Alegrem-se e deem gritos de júbilo as nações, porque julgas os povos com justiça, reges os povos com retidão, diriges em toda a terra as nações. Que os povos te celebrem, ó Deus, que todos os povos te celebrem. A terra deu sua colheita e Deus, o nosso Deus, nos abençoe. Deus nos abençoe e o temam em todos os confins da terra. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém.
Em nome do Pai, do Filho e do Espírito Santo. Amém.
Tomás de Aquino, em italiano Tommaso d'Aquino (Roccasecca, 1225 – Fossanova, 7 de março de 1274), foi um frade católico italiano da Ordem dos Pregadores (dominicano)[2][3] cujas obras tiveram enorme influência na teologia e na filosofia, principalmente na tradição conhecida como Escolástica, e que, por isso, é conhecido como "Doctor Angelicus", "Doctor Communis" e "Doctor Universalis".[4][a] "Aquino" é uma referência ao condado de Aquino, uma região que foi propriedade de sua família até 1137. Tomás de Aquino tinha abordagens diferentes para com seus antecedentes como Agostinho de Hipona, pois conciliava a fé com a razão. Seu pensamento teológico e filosófico inspiraram inúmeras gerações de pensadores. Seu magnum opus é chamado Suma Teológica.[5]
Ele foi o mais importante proponente clássico da teologia natural e o pai do tomismo. Sua influência no pensamento ocidental é considerável e muito da filosofia moderna foi concebida como desenvolvimento ou oposição de suas ideias, particularmente na ética, lei natural, metafísica e teoria política. Ao contrário de muitas correntes da Igreja na época,[6] Tomás abraçou as ideias de Aristóteles - a quem ele se referia como "o Filósofo" - e sintetizou a filosofia aristotélica com os princípios do cristianismo. As obras mais conhecidas de Tomás são a "Suma Teológica" (em latim: Summa Theologiae) e a "Suma contra os Gentios" (Summa contra Gentiles). Seus comentários sobre as Escrituras e sobre Aristóteles também são parte importante de seu corpus literário. Além disso, Tomás se distingue por seus hinos eucarísticos, que ainda hoje fazem parte da liturgia da Igreja.[7]
Tomás é venerado como Santo pela Igreja Católica e é tido como o professor modelo para os que estudam para o sacerdócio por ter atingido a expressão máxima tanto da razão natural quanto da teologia especulativa. O estudo de suas obras há muito tempo tem sido o cerne do programa de estudos obrigatórios para os que buscam as ordens sagradas (como padres e diáconos) e também para os que se dedicam à formação religiosa em disciplinas como filosofia católica, teologia, história, liturgia e direito canônico.[8] Tomás foi também proclamado Doutor da Igreja por Pio V em 1568.
Claro, aqui está uma transcrição do áudio fornecido:
Em nome do Pai, do Filho e do Espírito Santo. Amém. Salmo 94, 95: Vinde, exultemos em Javé, aclamemos o rochedo da nossa salvação. Vamos ao encontro dele com cantos de ação de graças, demos a ele gritos de alegria. Porque Javé é um Deus grande e rei admirável acima de todos os deuses. Porque nas mãos dele estão as profundezas da terra e as alturas das montanhas lhe pertencem. O mar é dele, pois foi ele quem o fez e a terra firme foram suas mãos que a modelaram. Entremos, prostremo-nos, dobremos os joelhos, bendigamos diante de Javé que nos fez, pois ele é o nosso Deus e nós somos o povo do seu rebanho, a ovelha conduzida por suas mãos. Oxalá vocês escutem hoje a sua voz. Não fechem o coração, como aconteceu em Meriba, como no dia de Massa no deserto, quando os pais de vocês me puseram à prova e me tentaram, apesar de t
... Show more...
Claro, aqui está uma transcrição do áudio fornecido:
Em nome do Pai, do Filho e do Espírito Santo. Amém. Salmo 94, 95: Vinde, exultemos em Javé, aclamemos o rochedo da nossa salvação. Vamos ao encontro dele com cantos de ação de graças, demos a ele gritos de alegria. Porque Javé é um Deus grande e rei admirável acima de todos os deuses. Porque nas mãos dele estão as profundezas da terra e as alturas das montanhas lhe pertencem. O mar é dele, pois foi ele quem o fez e a terra firme foram suas mãos que a modelaram. Entremos, prostremo-nos, dobremos os joelhos, bendigamos diante de Javé que nos fez, pois ele é o nosso Deus e nós somos o povo do seu rebanho, a ovelha conduzida por suas mãos. Oxalá vocês escutem hoje a sua voz. Não fechem o coração, como aconteceu em Meriba, como no dia de Massa no deserto, quando os pais de vocês me puseram à prova e me tentaram, apesar de terem visto as minhas obras. 40 anos aquela geração me desgostou, então eu disse: É um povo de coração estravagado que não reconhece os meus caminhos. Por isso eu jurei na minha ira: Eles não entrarão no meu repouso. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém. Salmos 84, 85: Favoreceste Javé a tua terra, fizeste voltar os cativos de Jacó. Perdoaste a culpa do teu povo e encobriste todos os seus pecados. Retiraste toda a tua raiva, acalmaste o furor da tua ira. Faz-nos retornar, ó Deus, nosso salvador, e anula a tua raiva contra nós. Estarás irado contra nós para sempre? Prolongarás a tua ira de geração em geração? Não vais restituir as nossas vidas para que o teu povo se alegre em ti? Javé, manifesta o teu amor e concede-nos a tua salvação. Escutareis o que Javé, Deus, está dizendo. Eis que ele anuncia a paz ao seu povo e seus fiéis, aos que voltam de coração ao Senhor. Sim, a salvação está próxima dos que o temem e a glória habitará em nossa terra. Fidelidade e verdade se encontram, justiça e paz se beijam. A verdade brotará da terra e a justiça se inclinará lá dos céus. Javé, ele mesmo nos dará o que é bom e nossa terra dará sua colheita. A justiça andará à frente dele a fim de lhe preparar o caminho para os seus passos. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém. Salmo 66, 67: Deus, tenha piedade de nós e nos abençoe, faça brilhar a sua face sobre nós, para que se conheça na terra o teu caminho e em todas as nações a tua salvação. Que os povos te celebrem, ó Deus, que todos os povos te celebrem. Alegrem-se e deem gritos de júbilo as nações, porque julgas os povos com justiça, reges os povos com retidão, diriges em toda a terra as nações. Que os povos te celebrem, ó Deus, que todos os povos te celebrem. A terra deu sua colheita e Deus, o nosso Deus, nos abençoe. Deus nos abençoe e o temam em todos os confins da terra. Glória ao Pai, ao Filho e ao Espírito Santo. Como era no princípio, agora e sempre. Amém. Em nome do Pai, do Filho e do Espírito Santo. Amém.
Na igreja dos franciscanos que fica no Largo de São Francisco, do lado da faculdade de direito.
1: Eu imagino que a probabilidade de que essa igreja se chame "Igreja de São Francisco" seja gigantesca, mas, em minha defesa, ela fica colada em outra igreja e uma das duas se chama "Igreja do Pai Seráfico" ou alguma coisa assim mas eu não sei qual é qual, e nem toda igreja de franciscanos se chama s. fco.: tem uma que é de uma dissidência franciscana lá na Brigadeiro que se chama "N. Sra. da Conceição" ou algum outro título da Virgem Maria).
2: Não sei que santa é esta, só sei que a imagem desta estátua dentro do nicho antes de acenderem as luzes da igreja pra missa fica muito bonita.
... Show more...
Na igreja dos franciscanos que fica no Largo de São Francisco, do lado da faculdade de direito.
1: Eu imagino que a probabilidade de que essa igreja se chame "Igreja de São Francisco" seja gigantesca, mas, em minha defesa, ela fica colada em outra igreja e uma das duas se chama "Igreja do Pai Seráfico" ou alguma coisa assim mas eu não sei qual é qual, e nem toda igreja de franciscanos se chama s. fco.: tem uma que é de uma dissidência franciscana lá na Brigadeiro que se chama "N. Sra. da Conceição" ou algum outro título da Virgem Maria).
2: Não sei que santa é esta, só sei que a imagem desta estátua dentro do nicho antes de acenderem as luzes da igreja pra missa fica muito bonita.
Descrição da imagem: A imagem mostra uma estátua de uma mulher em uma vestimenta longa, segurando uma cruz, dentro de uma vitrine de vidro em um nicho arqueado. A estátua é escura, talvez bronze ou outro metal escuro, e está sobre um pedestal branco. Há um arranjo floral seco no canto inferior direito da vitrine. A vitrine está localizada em uma estrutura escura, possivelmente uma igreja, com bancos de madeira escura em primeiro plano, sugerindo um ambiente religioso. A iluminação é suave e difusa, com a estátua levemente iluminada.
Claro, aqui está uma descrição de texto alternativo para a imagem:
A imagem mostra uma estátua de uma mulher religiosa em um nicho de vidro. Ela está vestindo uma roupa longa e segurando uma cruz. Há um vaso de flores secas e um pouco de grama próxima à estátua. A estátua está em um pedestal branco dentro de um nicho de vidro em uma parede arqueada. A imagem também mostra bancos de madeira escura em primeiro plano, sugerindo um ambiente religioso, possivelmente uma igreja ou capela. A iluminação é suave e difusa.
Aqui está uma descrição de texto alternativo para a imagem:
A imagem mostra uma estátua de uma mulher em uma vestimenta longa, segurando uma cruz, dentro de uma vitrine de vidro em um nicho arqueado. A estátua é escura, talvez bronze ou outro metal escuro, e está sobre um pedestal branco. Há um arranjo floral seco no canto inferior direito da vitrine. A vitrine está localizada em uma estrutura escura, possivelmente uma igreja, com bancos de madeira escura em primeiro plano, sugerindo um ambiente religioso. A iluminação é suave e difusa, com a estátua levemente iluminada.
Nos últimos dias os primeiros aviões com imigrantes ilegais saíram dos EUA para levá-los a seus países de origem. No Brasil, chegaram 88 deportados tendo como destino final o aeroporto de Confins, em Minas Gerais. Antes, o voo fez uma parada em Manaus, quando o governo brasileiro ordenou que o avião norte-americano fosse substituído por um da FAB, alegando que a situação a que os brasileiros estavam submetidos rompia o acordo de deportação entre os dois países.
A deportação de imigrantes ilegais abriu uma crise ainda maior entre a nova administração de Trump e outro país da América Latina. O presidente da Colômbia, Gustavo Petro, proibiu a entrada de aviões dos EUA transportando colombianos. Trump reagiu e ameaçou impor sanções à Colômbia, um antigo aliado norte-americano na região.
Para entender
... Show more...
A crise dos deportados dos EUA
O Assunto wrote:
Nos últimos dias os primeiros aviões com imigrantes ilegais saíram dos EUA para levá-los a seus países de origem. No Brasil, chegaram 88 deportados tendo como destino final o aeroporto de Confins, em Minas Gerais. Antes, o voo fez uma parada em Manaus, quando o governo brasileiro ordenou que o avião norte-americano fosse substituído por um da FAB, alegando que a situação a que os brasileiros estavam submetidos rompia o acordo de deportação entre os dois países.
A deportação de imigrantes ilegais abriu uma crise ainda maior entre a nova administração de Trump e outro país da América Latina. O presidente da Colômbia, Gustavo Petro, proibiu a entrada de aviões dos EUA transportando colombianos. Trump reagiu e ameaçou impor sanções à Colômbia, um antigo aliado norte-americano na região.
Para entender as regras para o uso de algemas e os procedimentos de deportação, Natuza Nery entrevista Paulo Abrão, Secretário Nacional de Justiça entre 2011 e 2014, e atual diretor executivo do Washington Brazil Office. Depois, para entender os reflexos dessa crise na América Latina, a conversa é com João Paulo Charleaux, jornalista e analista político, autor do livro "Ser estrangeiro - migração, asilo e refúgio ao longo da história".
O exército do Uruguai anunciou que as forças armadas da República Democrática do Congo (RDCongo) e o grupo armado Movimento 23 de Março (M23) chegaram a um acordo de cessar-fogo, mediado pela missão da ONU.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •F-Droid has incredibly poor security practices and a strong anti-security attitude held by most of the people involved. They've consistently engaged in coverups of vulnerabilities and targeting multiple security researchers with libel and harassment.
It's a massive single point of failure and not worthy of the trust many people are placing in it. It's adding another trusted party compared to using the apps built and signed by the developers. It is not avoiding trust in the developers of apps.
reshared this
LadyStork reshared this.
Chris
in reply to GrapheneOS • • •Linux and praxis: part of the resistance 🇵🇸 ☮️
in reply to Chris • • •That's precisely the question.
Sheogorath
in reply to GrapheneOS • • •The risks F-Droid excels in managing by being a curated app store is protection from scam and phishing apps.
I know of not a single case where a fake or scam app has been part of F-Droid, which makes it a lot easier to recommend.
Do you have any good alternative curated app store?
GrapheneOS
in reply to Sheogorath • • •GrapheneOS
in reply to GrapheneOS • • •@sheogorath It's curated in the sense that they only have open source apps in it. They don't have any real standards beyond stuff being fully open source. The selection of apps is very arbitrary and tons of high quality modern apps are not included in it while tons of obsolete and insecure apps are included. Some apps which would be fine to use are not because they end up doing weird things like downgrading the dependencies
F-Droid has absolutely had fake/scam apps including of one of ours.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •Regularly not shipping critical Firefox security patches for months is the norm for the main F-Droid repository. Whether or not they sign the apps themselves as they do for the vast majority of apps, updates can be indefinitely delayed based on issues with their outdated infrastructure or their Debian-style downstream patches needing to be updated.
For the small subset signed by the app developers, many kinds of disagreements between F-Droid and developers will mean an end to receiving updates.
Felix
in reply to GrapheneOS • • •You are not the only ones that struggle with f-droid. (There is an ongoing struggle to fix certificate pinning by f-droid by a former maintainer, which has neither been acknowledeg nor accepted).
But the question is: what alternatives are there? As far as i can tell, f-droid is the only large scale-repository of open source apps there is.
GrapheneOS
in reply to Felix • • •@newhinton F-Droid doesn't actually package as much of the open source Android app ecosystem as people think it does and a lot of what are packaged are obsolete, unmaintained apps instead of the many high quality ones which aren't in it.
F-Droid stands in the way of better solutions being developed and adopted. It existing is the problem. It stops a group of people who actually care about providing proper updates, security, etc. making something better.
GrapheneOS
in reply to GrapheneOS • • •Alex L 🕊 🇵🇸
in reply to GrapheneOS • • •@newhinton
I think you should stick to technical objective criticism. If you want to move to social science speculations then I reply that messages like this weakens your point.
GrapheneOS
in reply to Alex L 🕊 🇵🇸 • • •GrapheneOS
in reply to GrapheneOS • • •Alex L 🕊 🇵🇸
in reply to GrapheneOS • • •@newhinton
The evil marketing department of F-Droid Inc. is preventing better alternatives to be known... no wait, no even *exist* because security experts feel defeated from the start. This is what your whining sounds like.
The reality? Those security experts just don't volunteer.
GrapheneOS
in reply to Alex L 🕊 🇵🇸 • • •Alex L 🕊 🇵🇸
in reply to GrapheneOS • • •@newhinton
Oh come on, it's FOSS we are talking about, just fork or start your project. In fact I never said they should contribute to F-droid specifically if they don't want to.
Marcello
in reply to Felix • • •@newhinton
I use Neo Store, but I'm not entirely sure if it is a valid alternative or just a reskin of sort of F-Droid.
There's Obtainium as well but that's a different beast entirely.
GrapheneOS
in reply to Marcello • • •Luce
in reply to Felix • • •@newhinton There is a new project here accrescent.app/
I don't know much about it, can't verify anything, just heard about it
Accrescent
AccrescentGrapheneOS
in reply to Luce • • •@Kulei @newhinton We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
Luce
in reply to GrapheneOS • • •Isn't Obtainium just worse than F-Droid? Considering that F-Droid atleast does some of the antivirus scanning and such. It's very difficult to verify whether an app is secure or private (even for people that trust aGPLv3 or just open-source apps intrinsically more than proprietary ones there is no guarantee of safety or privacy).
F-Droid still does better checks than something like Play Store, right?
GrapheneOS
in reply to Luce • • •@Kulei @newhinton
> Isn't Obtainium just worse than F-Droid?
No, since it avoids added another trusted party which has proven to be highly untrustworthy.
> antivirus scanning
It's performative.
> F-Droid still does better checks than something like Play Store, right?
F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
Luce
in reply to GrapheneOS • • •j@mastodon
in reply to GrapheneOS • • •@Kulei @newhinton
Obtanium just allows you to install any random app from a git page.
Super dismissive of the work FDroid puts into curation, however faulty it may be.
BohwaZ reshared this.
LisPi
in reply to GrapheneOS • • •> F-Droid doesn't have a target API level standard or other basic standards that the Play Store and Accrescent enforce. They don't do any serious review, it's the same largely imaginary system as the Play Store in that regard.
Isn't it supposed to be possible to target older APIs even in current builds?
GrapheneOS
in reply to LisPi • • •Felix
in reply to LisPi • • •@lispi314 @Kulei I think they meant the target api that should always be the latest available, ideally.
In android you have targetSdk and minSdk.
I think minSdk can be as low as you want, but targetSdk should be always as high as possible.
This way the app is still up-to-date security-wise, even if it still works on older sdks.
If you have a targetSdk that is too low, you are likely pulling in security issues with those sdk's
GrapheneOS
in reply to Felix • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •CryptGoat
in reply to GrapheneOS • • •While I appreciate bringing up the security concerns the existence of alternatives to #FDroid I do not think we have those when it comes to pure FOSS apps without the usual big corporate trackers/libs. #Accrescent lists a few apps and fails to provide relevant information about them (such as requested permissions). E.g. #Qlango includes multiple tracking libraries by #Meta / #Facebook and doesn't look like it is FOSS to any degree. Even while the #FDroid repo is not carefully curated I don't run into traps like these. 🤷
There is a need for a curated and maintained FOSS app repo and currently there is nobody but @fdroidorg providing it. #Obtainium, #Accrescent are mostly option for expert users who exactly know who to trust and what they are looking for. @Kulei @newhinton
Andreas Albrecht
in reply to CryptGoat • • •#Accrescent IMO absolutely needs
- better description of app
- permissions list
- license info of app
- download size of apk
- website link if available
- (minimum Android sdk)
@cryptgoat @mynacol @GrapheneOS @fdroidorg @Kulei @newhinton
Accrescent
in reply to Andreas Albrecht • • •Andreas Albrecht
in reply to Accrescent • • •@accrescent Sounds great. I am looking forward to it. Thanks for #Accrescent and contributing to the #FLOSS community. I greatly appreciate that.
Adding an info whether an app is FLOSS is helpful.
elgregor
in reply to GrapheneOS • • •@Kulei @newhinton What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
GrapheneOS
in reply to elgregor • • •@elgregor @Kulei @newhinton
> What checks does Accrescent perform other than enforcing a minimum API level? I assume more checks than Google Play, but what are they?
You can read about their requirements on their site. They have a system for tagging apps that's being implemented for marking which ones are open source, have reproducible builds, etc. If you only want to use it for open source apps, you'll be able to do that. Apps being open source does not mean other standards aren't relevant.
GrapheneOS
in reply to GrapheneOS • • •@elgregor @Kulei @newhinton
> F-Droid has a warning like "this app was built for an older Android version and cannot be updated automatically" (rough translation). I assume this refers to the app targeting an old API level?
Apps with an ancient target API level aren't possible to fully automatically update. This is F-Droid warning that their automatic updates don't fully work due to not complying with that minimum target API expectations, not them adding a warning about target API level.
David Chisnall (*Now with 50% more sarcasm!*)
in reply to GrapheneOS • • •GrapheneOS
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •GrapheneOS
in reply to GrapheneOS • • •David Chisnall (*Now with 50% more sarcasm!*)
in reply to GrapheneOS • • •Well that's sad. Having to implement your own updater in every app is annoying when F-Droid can just do it from a bunch of repos. It would be nice if there were a simple generic solution that let you bootstrap a single updater app and then add repos.
For traditional UNIX systems, there's a big benefit in having a single repo, because you distribute a load of shared libraries and you want a consistent build of all dependencies. With Android / F-Droid, each app is totally independent (or depends on things via late-bound intents) and so there's no real benefit from the centralisation, other than needing to deal with people who have the kind of purist views that put off users.
GrapheneOS
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •@david_chisnall F-Droid isn't updated dependencies across apps and has even down downgrades of security critical dependencies which introduced security vulnerabilities to apps again.
Traditional Linux distribution repositories have been moving away from working that way though with packaging systems like Snap and Flatpak along with projects having dependencies done in a way they're not good at handling. Distributions aren't really capable of dealing with all the dependencies in practice.
GrapheneOS
in reply to GrapheneOS • • •kuijsten
in reply to GrapheneOS • • •I wouldn't put Go and node.js in the same category when it comes to dependency culture. Also,
go buildwill put all dependencies in one binary.@david_chisnall
GrapheneOS
in reply to kuijsten • • •ejim
in reply to GrapheneOS • • •I wouldnt want to give any app the permission to install anything
David Chisnall (*Now with 50% more sarcasm!*)
in reply to ejim • • •ejim
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •Users may be tricked to install an app. E.g. imagine a cookie clicker game that opens an install prompt.
GrapheneOS
in reply to ejim • • •@ejim @david_chisnall GrapheneOS has been changing these interfaces for permissions, ADB key approval, etc. to have a 1 second delay before it can be approved to avoid this issue.
Either way, you already have the app installed so it can run arbitrary code. If it has network access it can download and run code or change the existing code's behavior based on our. Our dynamic code execution restrictions prevent running dynamic native code or loading classes with the Android Runtime, not all code.
GrapheneOS
in reply to GrapheneOS • • •j@mastodon
in reply to GrapheneOS • • •F-Droid never shipped Firefox.
Do you mean Fennec Fdroid?
j@mastodon
in reply to j@mastodon • • •Oh and btw
avg 4d 1h 49min 3s
max 1w 18h 51min 8s
min 22h 19min 51s
gitlab.com/ironfox-oss/IronFox…
Inclussion into official F-Droid? (#7) · Issues · IronFox OSS / IronFox · GitLab
GitLabGrapheneOS
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •guenther
in reply to GrapheneOS • • •@jcast
fwiw, they do ship an app called FFUpdater, which, as far as its UI suggests, downloads the packages from Mozilla/Github. Updates are still manual, though does mostly cut out the F-Droid-in-the-middle.
thePR0M3TH3AN ✝️ 🥩 🍊
in reply to GrapheneOS • • •Owen
in reply to thePR0M3TH3AN ✝️ 🥩 🍊 • • •For apps that are signed by the npubs of the developers you know and trust, I understand it to be a better alternative. It will be amazing once all apps are signed by dev npubs.
AFAIK apps that at signed by ZapStore are requiring you to trust Zapstore's build processes, similar to Fdroid.
GrapheneOS
in reply to Owen • • •@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
GrapheneOS
in reply to GrapheneOS • • •@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
Billie
in reply to GrapheneOS • • •@eee8f90244589abc852b024493a077522157057e6d565788d8d09473b81d14a9 @78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d @a4a6b5849bc917b3befd5c81865ee0b88773690609c207ba6588ef3e1e05b95b
Accrescent requires developers to log in with a github account not giving alternatives. So you basically need to agree to some st***d tos from a us big tech company to publish an app? This is a complete fail, so no alternative to fdroid, sorry.
idkrn
in reply to Billie • • •bf3307b981eb48d73577851d055a1d3461f2c7cb2eff9eea6162bb0e13393d02
in reply to GrapheneOS • • •GrapheneOS
in reply to bf3307b981eb48d73577851d055a1d3461f2c7cb2eff9eea6162bb0e13393d02 • • •GrapheneOS
in reply to GrapheneOS • • •BitcoinJujitsu
in reply to GrapheneOS • • •GrapheneOS
in reply to BitcoinJujitsu • • •GrapheneOS
in reply to GrapheneOS • • •menschmeier
in reply to GrapheneOS • • •@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a
GrapheneOS
in reply to menschmeier • • •Josh Fabean
in reply to BitcoinJujitsu • • •GrapheneOS
in reply to Josh Fabean • • •@d4c97d420f3a70722da9c67245b2d9b3da75bf3d9b795e8f8b42c322c7f96593 @001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a
> Accrescent (from Graphene OS),
Accrescent is not from GrapheneOS. It's a third party project. We mirror it in our app store so people can obtain it securely and then use it to get apps like Molly with a chain of trust from GrapheneOS.
BitcoinJujitsu
in reply to Josh Fabean • • •GrapheneOS
in reply to BitcoinJujitsu • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •@001863c7837dc05c768e4ed8d6ab2dd65d5f6af9df7e2a93190acf7f4a915c7a @d4c97d420f3a70722da9c67245b2d9b3da75bf3d9b795e8f8b42c322c7f96593 Even first party app stores built into the OS can't bypass the standard package manager signing rules. The OS itself provides a strong Trust On First Use model through this.
Verifying the download for the initial install is what's left up to the way the app is being obtained. As an example, our App Store has signed metadata with a timestamp and hashes of the APKs.
Wondrej₿tc
in reply to GrapheneOS • • •When we are pointing out that harassing, did u tried to black mail them 🤭🤭
Its weird to read this by GraphenOs profile 🤣🤣🤣🤣
One of my fav comments under one random YouTube video-
“One of the inherent advantages of Open Source is that when a project needs new leadership, but the current leadership doesn't recognize that fact, the project can simply be forked, perpetuating the good idea and leaving the failed leaders to howl into the abyss until / unless they decide to grow up.”
GrapheneOS
in reply to Wondrej₿tc • • •Sats-uma Stacker
in reply to GrapheneOS • • •GrapheneOS
in reply to Sats-uma Stacker • • •1
in reply to GrapheneOS • • •GrapheneOS
in reply to 1 • • •- YouTube
www.youtube.comMatija Nalis
in reply to GrapheneOS • • •- YouTube
www.youtube.comBohwaZ reshared this.
GrapheneOS
in reply to Matija Nalis • • •Cassandrich
Unknown parent • • •GrapheneOS
in reply to Cassandrich • • •GrapheneOS
in reply to GrapheneOS • • •@dalias @NebulaTide Play Store used to be a way to obtain developer builds of apps signed by the developers but has moved away from it and the code transparency system they provide isn't a complete solution to verifying what they generate and sign from the app bundles uploaded by developers.
For our own app repository, we don't want to build thousands of open source apps largely not aligned with our approach, especially without doing a pass updating dependencies and adding basic hardening.
GrapheneOS
in reply to GrapheneOS • • •@dalias @NebulaTide Accrescent is a project we recommend as an open source replacement for what the Play Store used to be but it's still in an early phase without a lot of apps. Makes sense to use it for the apps in it though.
It's a secure way to distribute developer builds where developers upload their releases. It's therefore not going to be a similar single point of failure, but it's also only going to exerting a small amount of influence on the app developers.
GrapheneOS
in reply to GrapheneOS • • •@dalias @NebulaTide F-Droid repeatedly not giving users Firefox updates for months because they have to slowly update their patches removing things they dislike is an example of how much of a disaster it ends up being. Users getting browser security updates is critical.
They've also had a long history of doing weird things like rolling back security critical dependencies compared to what apps use themselves. They do similar things for their own apps too to support ancient Android versions.
GrapheneOS
in reply to GrapheneOS • • •astroboy
in reply to GrapheneOS • • •Yes, I think it's best to install apps from GitHub releases, and subscribe to GitHub releases of your apps to get notifications about new releases. But that only works for apps hosted on GitHub (GitLab should have similar functionality).
But your own tool to verify certificates sounds very interesting.
GrapheneOS
Unknown parent • • •@tibs @dalias @NebulaTide According to F-Droid themselves, their Firefox fork uses services which track users. The telemetry they're disabling is not mandatory and it's as if they're trying to make the changes more invasive rather than doing the least invasive change possible. Some of their changes include adding bookmarks/links to the F-Droid site.
The only thing they truly consider a blocker to updates is removing the client side Google Play libraries which blocks their updates for months.
GrapheneOS
in reply to astroboy • • •GrapheneOS
Unknown parent • • •We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative. It provides developer signed builds.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
tibs
in reply to GrapheneOS • • •Maybe Mozilla could make a browser that is not riddled with telemetry and bad defaults, so the F-Droid team doesn't have to fix it.
GrapheneOS
Unknown parent • • •GrapheneOS
Unknown parent • • •Si (he/him)
in reply to GrapheneOS • • •@dalias @NebulaTide
What's your recommendation regarding @IzzyOnDroid and their reproducible builds approach?
Use this instead of f droid repo?
j@mastodon
in reply to GrapheneOS • • •I think you're dismissing the important curation work of F-Droid.
Sure it's imperfect and security patches take too long, an additional intermediary etc.
But using Obtainium [edit: I was wrong about Accrescent] just leaves the users to their own devices installing any app, with zero oversight.
Far from ideal.
You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
BohwaZ reshared this.
GrapheneOS
in reply to j@mastodon • • •@jcast
> I think you're dismissing the important curation work of F-Droid.
They don't do important curation work. They do a very poor job with that and their changes have consistently introduced security vulnerabilities and broken apps.
> Sure it's imperfect and security patches take too long, an additional intermediary etc.
It's not only an extra intermediary but a group of people who have demonstrated themselves to be highly untrustworthy with underhanded malicious behavior and coverups.
GrapheneOS
in reply to GrapheneOS • • •@jcast
> You seem to be suggesting bad will from FDroid management, it would be better if you were more explicit on why you think that way, instead of just insinuating.
They've done repeated coverups of security vulnerabilities including ones their own team discovered. They regularly refuse to fix serious security and other flaws. They've engaged in serial harassment towards security researchers, including but not limited to people involved in the GrapheneOS project. We're not insinuating.
GrapheneOS
in reply to GrapheneOS • • •@jcast
We're warning our users away from putting themselves at risk through an unsafe platform with untrustworthy developers.
j@mastodon
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •@jcast Accrescent has standards for the apps which are included and is going to include tags for filtering based on which apps are open source, have reproducible builds, etc.
github.com/accrescent/meta/iss…
It is in an early phase where it's not open to all developers submitting their applications yet and doesn't have a lot of applications. It is intended to provide an open source, secure and trustworthy alternative the Play Store not a small catered repository of apps they want to promote.
Support "open source" tag · Issue #25 · accrescent/meta
GitHubj@mastodon
in reply to GrapheneOS • • •This looks as ugly for WireGuard than for F-Droid.
WireGuard current app on Izzy repo for F-Droid does not tell users where it's updating from, does not ask for consent and it's opt-out. So there were clearly not happy about letting users know.
Not to diss WireGuard which is course an awesome project.
A growing number of Izzy repo apps are reproducible builds.
GrapheneOS
in reply to j@mastodon • • •j@mastodon
in reply to GrapheneOS • • •You replied to my comment on Wireguard choosing very deliberately to hide background updates from users with an adhominem on Izzy.
Not taking his side, and understandably you have removed your trust from them, but this doesn't look good on you.
j@mastodon
in reply to j@mastodon • • •I've read Izzy's comments on several forums for many years now, and I never witnessed nothing but either praise or constructive criticism of GOS.
Your mileage might vary, but from my perspective it just sounds you're each fiercely defending your ground. GOS focusing on security and FDroid on the 4 freedoms.
GrapheneOS
in reply to j@mastodon • • •@jcast
Izzy regularly spreads misinformation about GrapheneOS and has participated in harassment towards our team. Call it what you want, doesn't change what it is.
GrapheneOS is a privacy project. No matter how many times you folks misrepresent what it is and falsely claim it cares about security over privacy and all the other misinformation.
j@mastodon
in reply to GrapheneOS • • •I wasn't aware of that privacy vs. security controversy.
I'm in no way affiliated with FDroid and am seriously taking notes of your concerns and criticism.
I also appreciate your availability to communicate so transparently, and usually in a very mature way.
Just noting two things here: Wireguard opaque attitude, and you not replying to that concern.
GrapheneOS
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •Inclussion into official F-Droid? (#7) · Issues · IronFox OSS / IronFox · GitLab
GitLabGrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •j@mastodon
in reply to GrapheneOS • • •You're replying to me as if I was defending Izzy.
I'm not, I see things got ugly.
But you're still choosing to go down the path of attacking him instead of replying to a legitimate concern about Wireguard's choices.
GrapheneOS
in reply to j@mastodon • • •j@mastodon
in reply to GrapheneOS • • •Sure that shows two things:
- FDroid review system is to say the least flawed.
- Given that the new WG version on Izzy's repo does not even prompt the user for opt-out bg updates, WG chooses to be opaque (edit: to users), which I find concerning.
GrapheneOS
in reply to j@mastodon • • •j@mastodon
in reply to GrapheneOS • • •j@mastodon
in reply to GrapheneOS • • •In practical terms, this means WG installs from FDroid, using Izzy repo and updates in tje background without ever requesting user permission or producing a notification.
So it really sounds at this point you're purposedly misleading and obscuring this fact.
GrapheneOS
in reply to j@mastodon • • •j@mastodon
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •@jcast
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
GrapheneOS
2025-01-28 19:34:50
j@mastodon
in reply to j@mastodon • • •GrapheneOS
in reply to j@mastodon • • •@jcast
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
GrapheneOS
2025-01-28 19:34:50
j@mastodon
in reply to j@mastodon • • •To clarify, I'm not using GOS, but another AOSP based OS.
Maybe GOS is more has more explicit permission model, but my issue is with WG, not GOS in any case.
GrapheneOS
in reply to j@mastodon • • •@jcast
No, apps require the user to grant a permission to request to do app installs or updates:
grapheneos.social/@GrapheneOS/…
GrapheneOS
2025-01-28 19:34:50
GrapheneOS
in reply to j@mastodon • • •Bootsmann 🪢
in reply to GrapheneOS • • •@kuketzblog @PC_Fluesterer
Eure Meinung/Einschätzung dazu würde mich sehr interessieren.
Vlady
in reply to GrapheneOS • • •to all of you asking what to use instead/how to install applications in the most secure way: youtube.com/watch?v=IAoCfrqxIE…
A very nice step-by-step explanation on what apps to use and how the sources hierarchy should look like
- YouTube
youtube.commrecheese 🧀
in reply to GrapheneOS • • •GrapheneOS
in reply to mrecheese 🧀 • • •Active Peanut Butter Express
in reply to mrecheese 🧀 • • •GrapheneOS
in reply to Active Peanut Butter Express • • •@37974f34f799d8d9930b0114a2b0b5d1fcd1a35011bb1f6ed5839800605b9b1d @d8f38b894b42f7008305cebf17b48925654f22b180c5861b81141f80ccf72848 grapheneos.social/@GrapheneOS/…
GrapheneOS
2025-01-27 22:35:34
GrapheneOS
Unknown parent • • •@maggus
To provide some helpful context for other people, you've been repeatedly participating in targeting our team with harassment through spreading Kiwi Farms style content targeting them with spin and fabrications including from a Kiwi Farms user you support who regularly targets people in this way:
grapheneos.social/@GrapheneOS/…
GrapheneOS
Unknown parent • • •@Erklaerbaer Obtainium is a good concept, but it needs a more focused implementation based around shipping signed metadata with the locations for obtaining the apps and key fingerprints to bootstrap verification.
Accrescent will be providing a far larger selection of apps and tags for filtering based on whether they're open source, have reproducible builds, etc. It's in an early phase and is being built out. It needs people to support it, and unfortunately F-Droid folks are trying to harm it.
GrapheneOS
Unknown parent • • •@dalias @a1ba @NebulaTide They did provide a code transparency system to prove the generated APKs match the provided code but it does not cover all the relevant forms of resources, just all the code, so we don't think it provides what is needed even if it was widely adopted to verify what's generated.
Google essentially moved to the system used by the Apple App Store where developers upload bundles of signed code which are then turned into the actual signed packages by Apple and Google.
uwu1ba
in reply to GrapheneOS • • •Cassandrich
in reply to uwu1ba • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •Cassandrich
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •Cassandrich
in reply to GrapheneOS • • •GrapheneOS
in reply to Cassandrich • • •@dalias @a1ba @NebulaTide There's a lot of pain releasing apps through the Play Store in general aside from this, but the same applies to most alternatives to it.
The delay for app review is at least generally down to around 1 day right now. There were times in the past where it took a week or more to get an update approved and there's no way to get it accelerated for a critical update.
There are some very painful policies and it can be very painful to get the allowed exceptions approved.
GrapheneOS
in reply to GrapheneOS • • •Wilhelm Gere
in reply to GrapheneOS • • •So we can't trust squat anymore, is that it? Never heard of Obtainium either.
GrapheneOS
Unknown parent • • •Doerk
Unknown parent • • •Cassandrich
Unknown parent • • •Life.is.beautiful
Unknown parent • • •Accrescent or Obtanium
athena_rising
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •Musashi
in reply to GrapheneOS • • •I've been using it exactly because it is more eyes on top of code, minimizing the risk of malware. GitHub repos can be hijacked, so Obtainium is less secure.
Be free to correct me. If you prove to me Obtainium with GitHub is more secure I'll switch to it (already use it for a few apps). F-droid actually pissed me off by having the wrong name for an update for an app and now it crashes because a build was skipped. I also use Droid-ify, not the official app.
GrapheneOS
in reply to Musashi • • •GrapheneOS
in reply to GrapheneOS • • •