this post was submitted on 11 Oct 2023
146 points (94.0% liked)

Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)

[–] [email protected] 73 points 8 months ago (11 children)

Probably because the electron/js stack sucks massive hairy monkey balls

[–] [email protected] 13 points 8 months ago (2 children)

I've seen a lot of native applications run way worse compared to their electron alternatives. The problem is most devs don't give a shit about code optimization.

[–] [email protected] 13 points 8 months ago (1 children)

It's not that the devs don't care, it's that they're not given the time to do it properly. Developer time is expensive, that's why most companies ship the very first rough draft that kinda works. If the shittiness affects profits then they will invest the absolute minimum in one specific area affecting business and nothing more.

[–] [email protected] 6 points 8 months ago

Yes, I also realised that a while after posting my comment. Corporativism is a plague that turns everything into a shittier version of itself.

[–] [email protected] 4 points 8 months ago

Electron isn't all that bad honestly. The bad part is people slap the same pile of massive and bloated node modules and framework in it that's the same cause as to why the modern web is so horrible.

A well written web app in Electron can feel quite good and snappy. It's just that the companies that own most of those apps don't care and won't give the developers time to build an optimized app, because that doesn't bring in money, but new features do.

Especially if you share the system electron runtime between apps, even the memory overhead isn't all that bad even compared to modern toolkits like GTK4 and Qt5/6.

But then you load like 5MB of poorly written CSS and a 10MB JS bundle plus all the assets and full screen background image and yeah, it'll chew through resources fast.


Sometimes when I have to debug a modern website, I'm amazed at the amount of crap that's there. Just checking the inspector in the browser, half the elements have hundreds of overridden CSS rules and hacks to make it display correctly instead of writing the CSS proper. Boatload of unnecessary divs and whatnot everywhere. That strains any layout engine.

The profiler in the browser console? Yeah nobody uses it, or even knows it exists and how to use it. I wow'd a lot of people just making a quick flamegraph and speeding up the code 10x like it's nothing.

We have the tools, but not the will to optimize.

[–] [email protected] 2 points 8 months ago

massive hairy monkey balls

I'm stealing this lmao

[–] [email protected] 60 points 8 months ago (5 children)

For the same reason it's not on F-Droid. They say "open source" but want to keep the source code to themselves. They are hostile to anyone who wants to fork it or create alternatives

[–] [email protected] 57 points 8 months ago (1 children)

they're hostile to anyone who forks and creates alternatives using their servers. you're more than welcome making a fork on your own infrastructure.

[–] [email protected] 40 points 8 months ago (1 children)

Since it's not federated like XMPP this is completely pointless when all the users are on their server.

[–] [email protected] 5 points 8 months ago

it's more about solutions for workplaces, for example.

[–] [email protected] 11 points 8 months ago

How can you be hostile to someone creating forks? If the code is there you can fork it. Do you mean they are hostile to people using alternative clients to connect to their servers?

[–] [email protected] 11 points 8 months ago

Molly still exists. They are against those forks that have Signal in their name. But in general, yes, the software development/delivery process is more similar to corporate than open source

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (1 children)

Moxie always did keep rigid control of Signal's development and operations, often running contrary to users' concerns and needs. I don't think that has changed since he left.

He has argued at length against decentralized messaging. Requiring phone numbers is another example. Being bound to Google services is yet another: Signal dragged their feet on that issue for years, and when they finally did offer a non-Google build, they hid it away on an unlinked page of their site and placed it below a "Danger" warning.

For all their talk of security and their contribution to the field of data privacy, some of their choices seem very strange, and the reasoning they offer is often dubious. I am not convinced that their motivations are aligned with my best interests. Their actions are certainly not.

[–] [email protected] 2 points 8 months ago

This comment doesn't make sense. They can't be hostile toward people forking code that they already open sourced.

[–] [email protected] 29 points 8 months ago (5 children)

Matrix (Synapse+Element) with Signal Bridge. It's reproducible, so that's what I run.

[–] [email protected] 9 points 8 months ago

I'm a simple dude. I see Matrix, I hit like.

[–] [email protected] 8 points 8 months ago

This is the answer.

Matrix needs to make it easier to expire or delete messages from the server, but other than that it's doing a lot of the stuff Signal should've been doing years ago. Easy to use multiple devices, easy to get messages on multiple devices, keep chat history in sync, no reliance on phone numbers for identity or single identity servers, good working federation / ability to set up private hosted groups, etc.

[–] [email protected] 2 points 8 months ago (1 children)

Doesn't matter if everyone else is using Signal?

[–] [email protected] 2 points 8 months ago (1 children)

Nope. Matrix works with bridges (connections to other services). So via Element (the app for Matrix), I send/receive my messages for Signal, IRC, Discord, WhatsApp, and of course native Matrix users all from one place.

My matrix server is private, but it's built for federated chat, much like Lemmy.

[–] [email protected] 2 points 8 months ago

Yes I know but your messages end up on their phones with Signal or the other messengers on them. Awesome server, no idea how to do that, but in the end your messages end up on these messengers, so it protects you from using that spyware, and gives the messengers weird data they don't know, but in the end they would need to switch to Matrix

[–] [email protected] 1 points 8 months ago (1 children)

I'd rather use XMPP. Synapse is bloated AF (to the point I am probably unable to run it at all on my remaining 0.5 gig RAM). There are alternative ones, but I find Prosody much less hassle. It eats 25 MB with two users and is easier to manage.

[–] [email protected] 1 points 8 months ago (1 children)

Wait, are you on HN? I feel like I've read this before haha.

[–] [email protected] 2 points 8 months ago

No, I never comment there, I mostly dwell on IRC) It just seems to be a rather popular opinion. And experience seems to confirm this.

[–] skoberlink 5 points 8 months ago (2 children)

Sorry if this is a dumb question but what does reproducible mean in this context? I'm a little confused by the discussion here.

[–] brianorca 4 points 8 months ago* (last edited 8 months ago) (2 children)

Meaning you can take the public source code and build (compile using your own tools) the whole package to run locally. From context, I'm assuming the public source is missing something to help you build it properly. (Maybe a dependency or a make file.)

[–] [email protected] 15 points 8 months ago

In this context it actually means that you can take the source code, and get the exact same binary artifact as another build. It means that you can verify (or have someone else verify) that the released binary is actually built from the source code it says it is, by comparing their hashes. You can "reproduce" a bit for bit copy of the released binaries.
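
The hash comparison described in the comment above, as an added example that is not part of the thread and is not Signal's own tooling: it shows why two builds of identical source normally differ (embedded timestamps, entry order) and how a normalized build lets a third party verify a published artifact. The `SOURCES` files, the ZIP packaging and all function names are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample inputs standing in for a project's compiled outputs.
SOURCES = {
    "app/main.js": b"console.log('hello');\n",
    "app/package.json": b'{"name": "demo"}\n',
}
FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # earliest timestamp a ZIP entry can hold


def build(files, mtime, order=None):
    """Package files into a ZIP "release artifact" and return its bytes.

    mtime and entry order model build-environment details that leak into
    the artifact and make naive builds differ from machine to machine.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order or list(files):
            zf.writestr(zipfile.ZipInfo(name, date_time=mtime), files[name])
    return buf.getvalue()


def reproducible_build(files):
    """Same inputs always yield the same bytes: sorted entries, fixed time."""
    return build(files, FIXED_TIME, order=sorted(files))


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def verify(published, files):
    """Independent verifier: rebuild from source, then compare digests."""
    return sha256(published) == sha256(reproducible_build(files))


if __name__ == "__main__":
    monday = build(SOURCES, (2023, 10, 9, 9, 0, 0))
    tuesday = build(SOURCES, (2023, 10, 10, 9, 0, 0))
    print("naive builds match:      ", sha256(monday) == sha256(tuesday))
    honest = reproducible_build(SOURCES)
    print("honest release verifies: ", verify(honest, SOURCES))
    altered = {**SOURCES, "app/main.js": b"console.log('hello'); // altered\n"}
    print("altered release verifies:", verify(reproducible_build(altered), SOURCES))
```

A mismatch only says the published artifact is not what the public source produces; it does not say which byte differs or why, so verification tools usually follow up with an entry-by-entry diff.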

[–] skoberlink 1 points 8 months ago

Ah gotcha, thanks!

[–] [email protected] 4 points 8 months ago (1 children)

Anyone else having the flatpak app crash when you click on a notification?

[–] [email protected] 4 points 8 months ago

Yup, had the problem with Cinnamon. On Plasma it works fine.
