this post was submitted on 20 Aug 2024
6 points (62.5% liked)

Linux

5278 readers
474 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
 

Additionally:

  • a ton of ISO downloads, ARM and RISC-V support
  • Local AI integration for detecting images, searching through docs, finding stuff and writing emails.
  • Wayland support.
  • A new UI which is a mix of MacOS, Windows 11 and KDE Plasma.
  • Atomic updates.
  • A new containerized package format (linglong) competing with Flatpak, with some improvements over it.
top 11 comments
sorted by: hot top controversial new old
[–] unskilled5117 5 points 3 months ago

Does anyone know why they switched to this new packaging format, especially since they, as far as i can tell, were using flatpak before? I cant find any explanation on it in blog posts or release notes. In general i find the information they provide on implementations (atomic updates etc.) rather minimal.

[–] DirigibleProtein@aussie.zone 4 points 3 months ago (1 children)

Not going to trust a distribution from China, even if it does claim to be open source.

[–] boredsquirrel@slrpnk.net 0 points 3 months ago* (last edited 3 months ago) (1 children)

(There it is, the needed china = malware comment)

Lol meanwhile trusting US software?

[–] sxan@midwest.social 15 points 3 months ago (3 children)

The difference is that laws in China require companies doing business in China provide the Chinese government with means to access all data crossing Chinese borders or involving persons of interest. You can read the DSL of China yourself; and consider that nearly every executive of any significant Chinese company also holds an office of some sort in the Chinese government, there are a vast number of Chinese nationals who are considered "persons of interest" to the national security of China and therefore fall under the DSL purview.

Any company building or selling software in China has to provide the Chinese government with access to data collected in China, or outside of China if it involves persons of interest for national security. Like I said, find the DSL and read it yourself, or read an InfoSec analysis of it from a company you trust - you don't have to take my word for it.

This immediately puts Chinese software into a different category of risk than non-Chinese software. Of course, the US could twist arms to get companies to put backdoors in software. But it's a false equivalency to say that they're the same. When the US does it, they have to do it covertly, and there's always the risk of a leak. When Chinese companies do it, they're doing it because Chinese data laws require them to.

[–] boredsquirrel@slrpnk.net 6 points 3 months ago

Thanks for the clarification. If they dont collect data that would be unproblematic. If they do, of course this is extremely problematic.

[–] foenkyfjutschah@programming.dev 4 points 3 months ago (1 children)

but not every OS collects and transfers user data to its vendor like the very good American MacOS and Windows do.

[–] sxan@midwest.social 1 points 3 months ago

This is very true; that's just plain Capitalism, and the government takes advantage of that through simply asking for the data.

It's a great reason to never use MS or Apple software.

I'm stuck on Android, which is no better, at least until someone sells a phone that is reasonably usable as a reliably daily driver. So, I assume everything going through my phone is surveilled. It's the price I pay for not wanting to limit myself to a dumb phone; a minimalist phone that will allowed me to use a P2P encrypted chat client would be sufficient; I'd even accept Signal, although I'm not a fan. But phones like the Light Phone are just too dumb, and none provide any sort of encrypted chat. Linux based phones (or, a phone-oriented Linux distro) are almost there, though, and I'm ready to jump when one gets a decent review.

[–] JackGreenEarth@lemm.ee 2 points 3 months ago (1 children)

The great thing about it being open source though, is even if it does have government mandated tracking, it's probably relatively easy to a create a fork without the tracking

[–] sxan@midwest.social 2 points 3 months ago

Sure. If anyone is willing to put in that effort; I'm not going to audit all that code.

Does Deepin have its own package sources? B/c if so, you also have you audit all of the third-party packages for trojans, too.

[–] sukhmel@programming.dev 3 points 3 months ago

I wonder if said AI features run locally, but too lazy to check. Because if it's not local, it's a really big security issue no matter the country of origin

[–] onlinepersona@programming.dev 1 points 3 months ago

Why did they name the package format linglong? Does it have a specific meaning in Chinese? Is is a pun?

Anti Commercial-AI license