Kajika

joined 2 years ago
[–] Kajika@lemmy.ml 32 points 3 weeks ago* (last edited 3 weeks ago)

The current version has a critical security vulnerability (https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/) but to fix it the new version compiled against libclang version 27 but Google decided to remove it from Android so the building pipeline needs to be adjusted.

There's a long discussion: https://gitlab.com/relan/fennecbuild/-/merge_requests/63 , about building the newer version

In the meanwhile the app is a security hazard.

[–] Kajika@lemmy.ml 2 points 3 weeks ago* (last edited 3 weeks ago)

I don't see any cycle here, qemu-deskyop needs qemu-base and that's it.

I think you meant that qemu-desktop is orphan.

EDIT: I am back on my pc so I can share a magic command to clean your orhpan packages (stares at electron) -> sudo pacman -Qdtq | sudo pacman -Rn -

[–] Kajika@lemmy.ml 39 points 3 weeks ago (19 children)

knowing nothing about the situation is indeed the problem. if only this process was more transparent...

[–] Kajika@lemmy.ml 0 points 4 weeks ago (2 children)

Are we implying that we should tap every phone call?

We can say a lot of very bad stuff over the phone too. Should we have a way to prevent this?

[–] Kajika@lemmy.ml 9 points 1 month ago

yes bare git works just fine. if you ever want a web GUI and/or issues and Pull Request you want such a tool.

A web GUI can be very nice to share your repository publicly. You can also use codeberg.org if you can't or don't want to self host.

PS : I'm kinda shocked (not that much) by the downvotes or your legitimate and polite comment. Still looking for better communities/system.

[–] Kajika@lemmy.ml 1 points 1 month ago

ok, thanks for the precision. I am interested in those projects and was looking at system76's code. This new version is in a different repository named cosmic-epoch. I'll dig it more.

[–] Kajika@lemmy.ml 1 points 1 month ago (2 children)

COSMIC is built from GNOME shell, it is 100% a GNOME desktop and not from scratch.

[–] Kajika@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

I will never understand people using 3rdparty MQ and RPC implementations. What a a PR for rocketMQ right here.

You can and you should implement your communication protocols, most of the time 3rdparties are very wasteful and a security liability. I like ZeroMQ (https://zeromq.org/), they have amazing tech guides (https://zguide.zeromq.org/). I still mostly do my own code.

I may have trust issues but sockets are not THAT hard, they're just amzaingly frustrating to debug, not as much as debuging 3rdparty code.

[–] Kajika@lemmy.ml 1 points 2 months ago (7 children)

I had the idea that moderation is instance based in Lemmy, mods only moderate people on their instance.

[–] Kajika@lemmy.ml 4 points 2 months ago* (last edited 2 months ago) (1 children)

I must be missing something (I can see the community is not from lemmy.world but the guy is)

[–] Kajika@lemmy.ml -1 points 2 months ago (2 children)

OK I got it, you are completely out of the loop here.

You do not grasp the idea of NoScript and other JS filtering extension. This is not about server code, your all arguments is baseless here.

By the way JS refered to Javascript and not NodeJS.

Anyway I got you whole company/business talk about "keeping the service available, secure, performant" and "GDPR [...] bankrupting fine"... yeah lemmy.world.

[–] Kajika@lemmy.ml 1 points 2 months ago (4 children)

Thanks for your answer.

First I don't even grasp what a "service owner" is.

Second, for JS front-end openness there are already a bunch of app (web, android) that are open-source and secured. Everything has dependencies nowadays, this doesn't prevent good security. Think all the python app and their dependencies, rust, android... even c\c++ packages are built with dependencies and security updates are necessary (bash had security issues).

I think with JS scripts it's actually even easier to have good security because the app is ran in our web browser so the only possible attacker is the website we are visiting itself. If they are malicious then the close-sourced JS script is even worse. Unless you count 3rd party scripts embedded that bad dev uses in their website without even thinking about trusting them. That is also awful in both open or close source environment.

So even having imperfect security (which happens regardless to openness), who is the attacker here? I would rather run js script on my end if the code can be checked.

 

I am a long-time NoScript extension (https://noscript.net/) user. For those who don't know this automatically blocks any javascript and let you accept them (temporarily or permanently) based on the scripts' origin domain.

NoScript as some quality-of-life option like 'accepting script from current page's domain by default' so only 3rd parties would be blocked (usefull in mobile where it is tedious to go to the menu).

When I saw LibreJS (https://www.gnu.org/software/librejs/) I though that would be a better version of NoScript but it is quiet different in usage and cares about license and not open-source code (maybe it can't).

Am I the only one who thought about checking for open-source JS scripts filtering (at least by default)? This would require reproducibility of 'compilation'/packaging. I think with lock files (npm, yarn, etc) this could be doable and we could have some automatic checks for code.

Maybe the trust system for who checks could be a problem. I wanted to discuss this matter for a while.

 

Just wanted to share for the 10 people like me who has with an Nvidia + dual screen setup on ArchLinux (btw) with KDE Plasma desktop that since the new plasma 6 update I can finally use the Wayland session option!

The wayland should work has been around for the last 5 years and 5 years ago it was not even close, then 1 or 2 years ago it started not crashing but multi-screen was not OK (I tried all the kernel and driver parameters).

Now for me and my 5+ years-old setup (probably a lot of legacy plasma settings in my .config) it was finally seamless.

From previous tries I already knew that the desktop feels WAY smoother (true 60 fps everywhere, specially for the video players in web browser).

Feels great so far, discord screen-sharing is not there but can be done from Firefox if needed so OK for me.

I hope this post will be informative for some like me who tried several time over the years and didn't had much hope.

PS : the cursor has a weirdly strong outline (too shiny to my taste) feels like unintended but not a big problem. I spent 30 mins in the options but couldn't find anything about that.

 
 

The whole channel should have way more views. Science fraud is a topic that scientists knows and talk about but it is always vague and it's hard to point at precises cases due to lack of documentation (and journalists in general).

 

It's been half a year now at least that this change was introduced and it's super annoying. I discover this behavior on MacOS many years but now this is happening in Linux. Because of that I really want to change browser.

Am I missing a reason for such a change?

Edit: to be clear I always setup Firefox to ask everytime what to do but the open option used to open the file without downloading it (or probably in a tmp folder somewhere) now with the open option you have the file in your download which misses the point of asking in the first place.

 

I see all the drama around Red-hat and I still don't get why companies would use RHEL (or centos when it existed). I was in many companies and CentOS being years behind was awful for any recent application (GPU acceleration, even new CPU had problems with old Linux kernels shipped in CentOS).

Long story short the only time one of the company I worked in considered CentOS it was ditched out due to many problems and not even being devs/researchers friendly.

I hear a lot of Youtube influencers "talking" (or reading the Red-Hat statements) about all the work Red-Hat is doing but I don't see any. I know I dislike gnome so I don't care they contribute to that.

What I see though is a philosophy against FOSS. They even did a Microsoft move with CentOS (Embrace, extend, and extinguish). I see corporate not liking sharing and collaborating together but aiming at feeding of technology built as a collective. I am convinced they would love to patent science discovery too. I am pretty sure there is a deep gap in philosophy between people wanting "business-grade" Linux and FOSS community.

If you have concrete examples of Red-Hat added value that cannot be fulfilled by independent experts or FOSS community, I'd really like to hear that.

view more: next ›