Now you know how I felt through this whole comment chain
(there’s an unwritten glottal stop between those two ee’s, for anyone wondering)
And why pirates drink coffee. “Boo, tea!” they cry
thanks for the hard work guys!
Chaos A.D.
Disorder unleashed
Silence means death
Stand on your feet
Inner fear
Your worst enemy
It’s like I’m looking in a mirror
Chaos A.D.
Disorder unleashed
Silence means death
Stand on your feet
Inner fear
Your worst enemy
I think he said “tryna”, which is a shortening of “try to”
That defense was all over the place!
We had a raffle at the local community center. Everyone bought tickets, and the prizes seemed decent (bottle of wine, large wicker chair, rocking horse). The winner of all three draws was the long-standing cleaning lady of the center, who had just had a grandchild and was heading for retirement.
I’m all for supporting someone’s retirement, especially for someone who has given a lot of effort to making the community feel hospitable.
But not like this, not like this…
Eh sure, if you’re within the central ring road all you really see are EVs, but my ex’s dad definitely drove his old guzzler through the other rings and was far from alone in doing so. Then again, that was over 5 years ago, so the blanket ban may have spread outwards
Lower age limit for any leadership position would be 18.
With at least 10 years served in public office
oh wicked, I didn’t know android was there yet
A full retreat into the vestiges of our minds and fantasies.
Leave your cares behind,
come with us and find
The pleasures of a journey,
to the Center of the Mind
I hear you, but they have to sign the packages because android builds are not reproducible. Yeah it’s an extra notch in the chain, but it’s an extra check against bad binaries too
Welcome!
I mean if you only use trusted applications repos
Trusting an application means trusting every developer who has contributed to its codebase. The XZ attack showed that it just takes one pushy contributor to completely expose an attack surface.
The only thing you can really trust is applications that you build yourself and can personally vet the source for. No one does that of course, so we place some trust in authorized developers (e.g. archlinux-keyring) who have been vetted by their various organisations. With Github, no such vetting occurs, it’s just some guy/girl hosting their code.
MITM attack to Obtainium
I have to admit I don’t know much about the security that Obtainium uses. I’m hoping everything is TLS certified to make MITM difficult, but I don’t know those details. All I do know is that you’re getting binaries hosted by someone on github who might have zero cred in FOSS circles.
not the best resource, but:
we don’t audit every single app that makes it into the store. But we do make sure that everything is free software, and do test/investigate to a certain degree.
From what I understand, F-droid regularly audits a few new apps for malicious code, and always makes sure that the source built the binary.
With Github releases, maybe some of these binaries are generated by CI, but I’m betting more that they’re generated locally in dev and then uploaded to Github as direct releases. That is, the source you see on a repo on Github is not necessarily the same source used to generate their binaries.
To me that’s a wide angle of attack, and that’s why I stick with F-droid, even if it’s minimal checking.
Starring this comment.