kixik

OK, there's a codeberg comment someone else shared, and based on that there's another of such comments from another issue, which sort of indicates an attempt to get back / reset current behavior, but I'm not sure if that one worked or not given the comments from the one who posted it...

Yes, it seems a mess, :(

There's also this comment: https://codeberg.org/librewolf/issues/issues/2029#issuecomment-2281388

Sorry about that. I was not aware of other meanings. I'll try to remember to use the complete "software" word instead of its acronym I was used to since the 90s... Hopefully under the context what I wrote doesn't get misinterpreted. Thanks !

What was your setting that is getting overwritten? What I can see from librewolf settings are:

• network.dns.disablePrefetch
• network.dns.skipTRR-when-parental-control-enabled
• doh-rollout.provider-list
• network.trr.mode
• network.trr.uri

If talking about non proprietary kernels' drivers, such as linux, then again, profit is what regulates it. No wonder why now nvidia finally cares about linux, being the most used kernels behind the cloud, behind servers of whatever. Meaning, it's not profitable not to support linux now a days for Nvidia.

The other fundamental factor is lock-in, which is abused by some big corps, such as MS.

But the profit idea es even wrong, but it's what we have been educated with. For an OEM, providing FOSS drivers or FOSS FW doesn't mean to have less profit, but somehow it's interpreted as such. And there's also our culture, backed by corps again, that tends to make us believe that everything profitable enough has to be corporate secret, and if not, others would take advantage of you business. That way of thinking really prevents for more FOSS adoption at the OEMs level. I don't agree with it. It might be the presence or lack of some HW features might be inferred by the drivers/FW, but it doesn't mean your competitors will know how exactly you provide such feature, and even less how to make it with the performance you do. And usually once released, you really want to show off your features, your innovation and so on, not keep it secret. So in general, really see no issue for OEMs not to offer drivers and FW as FOSS, even as free/libre SW.

I can imagine OEMs offering FOSS drivers and FW, but that not being as convenient for the major players in the market, since that would risk their position in the market. Just a thought...

Remember the lock-in mechanisms by the corps that feel being threatened if open sourcing dirvers... Some of which no longer say it out loud, but still think GPLed licences are a cancer...

I'm not aware of any, do you mind sharing anyone, better if not requiring account?

BTW I can easily find blogs about p2p solutions for whatever, but not about p2p blogging solutions...

The issue with social networks is the account requirement. Even though decentralized, they still require servers with accounts. If you, to prevent not being able to access at some point included an email, and the server gets hacked, then there you go.

Perhaps is a mistake of mine, to think social networks are not anonymous enough. Maybe they are. But tracking mechanisms are so sophisticated now a days, than the need for an account make me think they won't ever be. That's why I excluded social networks. Perhaps it's the only option as of Today though.

I have never bought the idea that free/libre SW in general is just not as easy, including GNU+Linux. I'll leave out open source initially, and come back to it later, not because it doesn't experience the same, but because corporate wide it doesn't suffer the same fate. And linux itself is one of the most widely used kernel if not the most, it happens similarly to openssl, and so many other open source components. So I see no issue with linux adoption, I can't think of any kernel more adopted than linux...

To me what has really affected free/libre SW is the monopolistic abuse of the corporations, plus their ambitions, and how in Today's world, they have created the illusion that being a technologist is the same as being a technology consumer, which gets into the hearts of governments and education systems (more hurting, public education systems). Let me try some practical examples:

• Educations systems translate the need to educate students about technology into making them familiar with MS different SW, like the windows OS, MS outlook, MS office, MS project, MS visio. Even on the higher levels of education, colleges and universities prefer to use matlab over octave for example, even for just matrix operations scripting. Office covers spread sheets BTW, so people specialized on accounting know excel, but no other spread sheet.
• On public education systems, where one would be inclined to think it might get more interest on developing the expertise to not depend on proprietary SW only, it's where corporate reach deeper offering "cheap" educational licences.
• From the prior two keep in mind that educational licenses from proprietary SW usually means future professional and people depending on proprietary SW in general. They are meant not to educate, but rather generate the future dependent population.
• Governments, whether local or nation wide, instead of adhering to open standards, for any kind of form submission, and even further to adhere to use of free and open source SW, to build the technical and competency expertise required to have a criteria about different technologies, about SW, infrastructure, DBs, and so, they prefer to require citizens to use non free or open source SW to create required forms, and prefer to pay for SW solutions which totally lock in the entire solution, usually coming from big corps, or other companies actually making use of SW and technologies coming from big corps.
• In their effort to discredit free/libre SW, the idea that the fundamental principles behind free/libre SW hurt the SW industry, or that are irrelevant to Today's world or even worse than that, there were claims that the GPLed kernel was a great threat and GPLed SW a cancer. Now that open source usage has totally overcome free/libre SW, there are no such claims, but the damage is done. There's nothing wrong with people wanting some compensation from corps, when developing SW, and thus not using free/libre licenses like GPL-3+ or AGPL, but in the end that eventually might hurt the users rights protected by such licenses, which such corps don't really care that much (their profit has higher priority for sure), and experience shows that just because SW is licensed open source doesn't guarantee any compensation for the development whatsoever, so if volunteering SW, doing so as open source is not even close to get every developer a decent income out of their contributions. Well, except for the big corps backed SW, linux included, but that's not the majority of open source SW.
• The discredit of free/libre SW, which allowed the eventual creation of open source, is such that the banning of individuals ends up being an attack to the organizations behind it and even their principles and motivation.
• Moving away from the free/libre SW observations, even now with open source, from the big corps, which barely compensate the open source developers, complain about the open source supply chain, campaigning against not well maintained SW and such, there's the famous image of a complex and heavy structure depending on a weak and deficient leg. Whatever truth around that figure, it of course hides the overall picture of the developer of such leg not ever being compensated (not to mention paid) for his library or SW component, and perhaps that's one of the reasons the project got even abandoned, but now it's easy to blame such situation when talking about FOSS in general.

Paid SW might be more intuitive to use at times, I can understand that. There are paid developers making the UIs more intuitive and attractive, in the end it needs to be bought or massively consumed to get earning through its use. But if you look deeper, perhaps it's not just that free/libre or open alternatives are non intuitive at all, perhaps people gets used to that UI when attending basic or high school, or college/university. Perhaps even when exposed to mobile devices even when they can barely walk. Everything else, different in nature, will look alien to the future "technologists"...

On a sad (lacking hope) note, I don't think there's any indicator of things changing. My only hope is changes in educational systems, which are nowhere happening, and not the parents, as mentioned they are already convinced that using google, ms, apple, oracle or whatever prepare their kids for the future and will make them the technologists of the future.

On a funny note, I would answer the motivating question with: Linux is so good that it's actually most probably the most used kernel world wide, :)

ok, thanks !

umap on french servers, and umap is between other things an API on top of open streetmap...

Is that correct?

Well, there is something mentioned about latest version of omemo:

OMEMO doesn’t attempt to provide even the vaguest rationale for its design choices, and appears to approach cryptography protocol specification with a care-free attitude.

To put it mildly, this is the wrong way to approach cryptography

...

Because there is no rationale given for this sudden square-root reduction in security against existential forgery attacks, we kind of have to fill in the gaps and assume it was because of some kind of performance or bandwidth considerations.

But even that doesn’t really justify it, does it?

You’re only saving 16 bytes of bandwidth by truncating the MAC. Meanwhile, the actual ciphertext blobs are being encoded with base64, which adds 33% of overhead.

For any message larger than 48 bytes, this base64 encoding will dominate the bandwidth consumption more than using the full HMAC tag would.

...

Is truncating the HMAC tag to to 128 bits still secure? According to Signal, yes, it is. And I offer no disagreement to Signal’s assessment here.

The problem is, as I’ve said repeatedly, OMEMO’s specification makes no attempt to justify their design decisions.

Then on one of the comments, there's an interesting comment on something signal has mentioned it's working on quantum resistance, that it's no clear is something omemo will support, and even less when clients might adopt if eventually available:

Indeed quite often someone compares the two protocols and implies OMEMO is as mature as the current state of the art Signal protocol. Allow me to throw in the emerging post-quantum support that Signal is adding or already has in libsignal.

Somehow is implied on the comment that omemo is immature compared to libsignal...

At any rate, dino uses libsignal-protocol-c (on Artix/Arch 2.3.3), not libomemo, and conversations uses libaxolotle-java (according to the "about" section in the settings). So somehow using signal library underneath. Although I have no idea how up to date with regards to the signal library those might be (though the axolotl dependency on conversations allows to think it's outdated). And for conversations the author mentions:

To be clear: These aren’t separate dependencies that Conversations pulls in to implement plugin supports. They’re first-party cryptographic implementations all within this Android app’s codebase.

I guess by 1st party the author means like copy/paste the code (with local twists, which might be dangerous but perhaps necessary) to have a local version of the libraries. This sounds like a non version related criticism, but it's client related rather than protocol related, however the author mentions other clients are way worse, leaving no hope...

I don't see on dino an option to always use omemo BTW, not sure if dino just it implies omemo by default, but it doesn't have a way to force it. Perhaps a feature to ask dino developers...

At any rate, according the post there's little hope for xmpp + omemo. Which was actually something I was still hoping for, well, besides getting jami working at some point (but it has crypto issues on its own, including lack of auditing).

betterbird tray solution doesn't work on wayland, given a bug on common code (affects both, Firefox, Thunderbird and derivatives). Just in case that's one of the motivations of using betterbird. That by the way was the only feature that really made me look at betterbird, and as it didn't work, I went back to TB. And if you're wondering, birdtray doesn't work on wayland, 😑.