Diseased Open Source Software Community - it's about ethics in Code of Conducts

[Toolbox]

I just wanted to give some spotlight to GrapheneOS. Even though I still prefer LineageOS on day to day basis, GrapheneOS's reply should be a standard reply for every open source project. Its truly shameful that its something to be given praise for, in this politically ridden open source software landscape.

Have you used anything like banking apps? I want to nuke the OS off of my chinesium phone, but need to install shit that has to be 'certified' through G play.

 

[Markass the Worst]

Have you used anything like banking apps? I want to nuke the OS off of my chinesium phone, but need to install shit that has to be 'certified' through G play.

From the GrapheneOS usage page, whether they work seems to depend on how much retardation your particular banking app does:

Banking apps are a particularly problematic class of apps for compatibility with alternate operating systems. Some of these work fine with any GrapheneOS configuration but most of them have extensive dependencies on Play services. For many of these apps, it's enough to set up the GrapheneOS sandboxed Google Play feature in the same profile. Unfortunately, there are further complications not generally encountered with non-financial apps.

Many of these apps have their own crude anti-tampering mechanisms trying to prevent inspecting or modifying the app in a weak attempt to hide their code and API from security researchers. GrapheneOS allows users to disable native code debugging via a toggle in Settings ➔ Security to improve the app sandbox and this can interfere with apps debugging their own code to add a barrier to analyzing the app. You should try enabling this again if you've disabled it and are encountering compatibility issues with these kinds of apps.

Banking apps are increasingly using Google's SafetyNet attestation service to check the integrity and certification status of the operating system. GrapheneOS passes the basicIntegrity check but isn't certified by Google so it fails the ctsProfileMatch check. Most apps currently only enforce weak software-based attestation which can be bypassed by spoofing what it checks. GrapheneOS doesn't attempt to bypass the checks since it would be very fragile and would repeatedly break as the checks are improved. Devices launched with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities so the era of being able to bypass these checks by spoofing results is coming to an end regardless.

The hardware attestation feature is part of the Android Open Source Project and is fully supported by GrapheneOS. SafetyNet attestation chooses to use it to enforce using Google certified operating systems. However, app developers can use it directly and permit other properly signed operating systems upholding the security model. GrapheneOS has a detailed guide for app developers on how to support GrapheneOS with the hardware attestation API. Direct use of the hardware attestation API provides much higher assurance than using SafetyNet so these apps have nothing to lose by using a more meaningful API and supporting a more secure OS.

 

[Toolbox]

From the GrapheneOS usage page, whether they work seems to depend on how much retardation your particular banking app does:

You think it's probably not worth it if I need to use an app that seems like it'd have to go through Google's bullshit additional certification?

 

[Markass the Worst]

You think it's probably not worth it if I need to use an app that seems like it'd have to go through Google's bullshit additional certification?

If you need to use apps that require Google Play services then just do it. One of the hallmarks of GrapheneOS is not having Google shit installed by default and then, if you choose to install Google shit, sandboxing it so it doesn't have nearly as much grip on your phone as a stock Android device. That way more people can have an actually secure phone without being stopped by mindless ideological purity that says "nooo you can't have nonfree shit on your phone at all!!" (I'm looking at you FSF).

 

[Toolbox]

If you need to use apps that require Google Play services then just do it. One of the hallmarks of GrapheneOS is not having Google shit installed by default and then, if you choose to install Google shit, sandboxing it so it doesn't have nearly as much grip on your phone as a stock Android device. That way more people can have an actually secure phone without being stopped by mindless ideological purity that says "nooo you can't have nonfree shit on your phone at all!!" (I'm looking at you FSF).

So you can just install Google Play and it functions as intended? any decent guides you have on hand?

 

[Markass the Worst]

So you can just install Google Play and it functions as intended? any decent guides you have on hand?

Yes, there's a special app downloader for things like Google Play as well as other GrapheneOS apps. The GrapheneOS usage guide I linked is a decent guide itself.

 

[Viscious Seviper]

You have to admit the „your ingroup needs to be overrun by members of the outgroup“ rhetoric is something that is stereotypically Semitic. The troonery doesn’t help, but even that tends to be pushed by members of the tribe. See also: the „which books were burned“ meme.

The open source community has an hilariously lax “laisse faire” attitude towards cliques with that mentality. With no real standards of conduct to speak of.

Its no surprise how most projects are pozzed or get delayed indefinitely because they just don’t give a shit until one of those openly crazy bastards does something to get the site taken down.

 

[Kendall Motor Oil]

The open source community has an hilariously lax “laisse faire” attitude towards cliques with that mentality. With no real standards of conduct to speak of.

Its no surprise how most projects are pozzed or get delayed indefinitely because they just don’t give a shit until one of those openly crazy bastards does something to get the site taken down.

This also creates cliques in the industry which makes it more difficult to get into certain companies or positions. I need to go to san francisco and get into the tech kink scene if I want a FAANG job without competing against hundreds of applicants and memorizing leetcode.

So you can just install Google Play and it functions as intended? any decent guides you have on hand?

There is also a google play frontend called Aurora Store thats available on fdroid. You still need google play services for a lot of the apps to function properly, though.

 

[Toolbox]

There is also a google play frontend called Aurora Store thats available on fdroid. You still need google play services for a lot of the apps to function properly, though.

You can have a sandbox that has gplay services running right? I'm really more wanting to cut off all the chinese apps phoning home, with Google it seems practically impossible if you want to use verified apps.

 

[Uncle Ted's Cabin]

You can have a sandbox that has gplay services running right? I'm really more wanting to cut off all the chinese apps phoning home, with Google it seems practically impossible if you want to use verified apps.

My understanding of Aurora store is that it has verified apps originally from the Google play store.

 

[The Real Slim Shady]

Hector deleted his twitter account

https://twitter.com/marcan42/ (archive)

Latest archive capture was over 6 months ago. Im disappointed with you boys and girls
On Nov 20 he posted a "This Account is deprecated yadda yadda" message:



He deleted it sometime between Dec 16 and now. Lots of captures on Wayback Machine:


https://web.archive.org/web/20221215131921/https://twitter.com/marcan42 (archive of the wayback machine archive)
The December 16th is the last capture before it was deleted

His fediverse is doing very well as you can see below (finally a safe space!)

 

[Computer Guardian]

Hector deleted his twitter account

https://twitter.com/marcan42/ (archive)
View attachment 4187891
Latest archive capture was over 6 months ago. Im disappointed with you boys and girls
On Nov 20 he posted a "This Account is deprecated yadda yadda" message:

View attachment 4187988

He deleted it somewhere between Dec 15 and now. Lots of captures on Wayback Machine:
View attachment 4188072
https://web.archive.org/web/20221215131921/https://twitter.com/marcan42 (archive of the wayback machine archive)

His fediverse is doing very well as you can see below (finally a safe space!)

View attachment 4188011

Will this mean we'll finally stop hearing about the spergery of Hector and gospel of byuu committing seppiku? probably not.

 

[Markass the Worst]

Hector deleted his twitter account

https://twitter.com/marcan42/ (archive)
View attachment 4187891
Latest archive capture was over 6 months ago. Im disappointed with you boys and girls
On Nov 20 he posted a "This Account is deprecated yadda yadda" message:

View attachment 4187988

He deleted it sometime between Dec 16 and now. Lots of captures on Wayback Machine:
View attachment 4188106
View attachment 4188072
https://web.archive.org/web/20221215131921/https://twitter.com/marcan42 (archive of the wayback machine archive)
The December 16th is the last capture before it was deleted

His fediverse is doing very well as you can see below (finally a safe space!)

View attachment 4188011

The fediverse actually exists (here's his page), it's at social.treehouse.systems and it's administered by that Ariadne Connill troon. Guess Marcan is such an uninteresting person nobody ever bothered to keep up with whatever drivel he tweeted every day. At least I archived his location before he DFE'd

Also what's with cows and DFEing their twitter when moving to Mastodon? This is the second time I'm hearing about this, after Jason Slaughter of Not Just Bikes did it.

 

[ditto]

Asahi Linux for the M1 looks much cooler than I expected but the connection with Hector and the whole Asahi persona is a huge turnoff.

 

[The Real Slim Shady]

Also what's with cows and DFEing their twitter when moving to Mastodon? This is the second time I'm hearing about this, after Jason Slaughter of Not Just Bikes did it.

Since Elon took over twitter it automatically became as bad as 4chan in their eyes, or so they say. Most cows and community darlings will keep vagueposting about how awful, transphobic and bigoted is twitter, but they will never fully jump ship to fediverse cuz they get 10x less attention there. There is no algorhitm on mastodon and you actually have to post valuable content for it to have reach. But the right way to jump ship is to switch the twitter account to private instead of deleting it (there was a few posts on mastodon about it for the tWiTtEr ExPaTs).

When you delete the account twitter keeps the handle and tweets for a month, so you can reinstate it when your autistic episode goes away, and you change your mind to come back. After that period the handle is available again for anyone to register and impersonate you. Hector deleted his account in the second half of December which means that in a few days we will either see Hector magically come back and pretend nothing happened or someone will be able to register his handle and impersonate him. Either way there will be lots of milk.

Asahi Linux for the M1 looks much cooler than I expected but the connection with Hector and the whole Asahi persona is a huge turnoff.

This makes my gut clench because M1 is really decent hardware, and the person who is in charge of porting linux to it happened to be the most stupid kernel developer that walked the earth. Look at his pull request wrong and he will be vague posting and stomping his feet in a tantrum for a week. I have no idea how the fuck this moron even got so far into kernel development given that Torvalds and others are one of the most down to earth and no huggy-feely, no-fucks-given project maintainers. I think it's why he "changed his mind" about upstreaming the Asahi Linux because just so many people would not put up with his bullshit. Unless someone sane takes over M1 Linux development we will probably never see Linux on the M1.

How come Hector does not have a thread on the farms yet?

 

[D.Va]

>can port Linux to a new CPU architecture only Apple knows how to use
>can't configure nginx
how

 

[Knight of the Rope]

Asahi Linux for the M1 looks much cooler than I expected but the connection with Hector and the whole Asahi persona is a huge turnoff.

Pictured: Asahi Linux development.

How come Hector does not have a thread on the farms yet?

He's just really boring, would be my guess. I mean fuck, nobody here could be assed to archive his shit for the last six months, and it turned out that we didn't even miss anything anyway so we were right to be lazy all along. The most important thing to happen to Hector was Byuu (not) dying and his chimpout about it, and that was chronicled pretty extensively in the Twitter Meltdown thread.

 

[teriyakiburns]

I think it's why he "changed his mind" about upstreaming the Asahi Linux

"I have a thick skin"

citation fucking needed

Man, most of his whining seems to be some variation of "I didn't lurk long enough to learn the culture". Bratty newbs who leap in and insist on "fixing" things that don't need fixing are the bane of every open source project, but especially one as long-standing as the linux kernel. He's like a more autistic, even less likeable Poettering.

 

[Lord of the Large Pants]

He's like a more autistic, even less likeable Poettering.

Hey, come on, let's not claim the impossible.

 

[The Real Slim Shady]

The fediverse actually exists (here's his page), it's at social.treehouse.systems

Hm, didn't know mastodon supports that. Though leaving the default webserver page instead of a HTTP 301 redirect on the main site is so lame