sudneo

And that's fair enough. However, putting a bounty on the feature is definitely a big incentive that might have caused those features to be implemented by someone else and/or prioritized.

I stopped hearing discussions about it long ago. I suppose the thing died down.

One thing I will never understand is their endless complaint about moderation tools. They had/have a decent amount of donation, why they didn't just put a bounty on the features they needed in github and encourage contributions in that space (if not contributing directly)? It feels like it was sterile criticism when they had/have the means to actually work on the solution.

EDIT: Adding to the above. From their opencollective page, they are in +6k$. Even 1000$ on a feature and I think plenty of people will want to contribute. Considering that they were complaining about a handful of features, I don't see how it was not feasible. That will both give back to the developers and get them where they are. Win-win...?

That is one security aspect only, and signature checking is done by OStree, but the only key used is the one from flathub, from what I understand. So you don't verify the key of the application author, but solely the one from flathub, which means if the flathub distribution pipeline is compromised, you will not notice it and install a malicious package.

That said, the isolation that provides is great, and things should be evaluated in context. I will consider much much more likely that a package I install has bugs/cves/is outright malicious, compared to the risk that the publisher pipeline gets compromised (this is essentially what the signature verification would protect from). This means that it is a huge net gain in terms of security, from my PoV, to have an "unverified" package running in flatpak, under the isolation that it provides, if we compare it to having it running in the native system, but verified.

In other words, there is not a specific scale that if you "don't even do..", then it means you are not secure at all.

Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.

For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it's much better than having it running natively in my box (I.e. root namespaces).

Flatpak is generally very good for security. Especially considerino you can override some defaults, you can have fairly tight isolation.

Really? I switched everything for almost 3 years now, and to be honest for me was a "fire and forget" situation. I run /e/OS on my phone and I had basically no issues ever. I moved to Proton mail with a few clicks and their migration tool, I always used firefox, and then I switched to kagi.com as a search engine approx. 1 year ago. That's pretty much it, but I have to say, I was not a very heavy user of all the bells and whistles Google makes.

Zelensky's campaign was supported by a Ukrainian oligarch. Not exactly an "absolute outsider". In fact, during the campaign the supporters of Poroshenko (who tend to be more nationalists) used this as ground to accuse him of being associated with Russia (among other things).

Each container, by default, runs in a separate network namespace. You can use docker CLI to create specific networks that can be shared with other containers, or use docker-compose for it. Technically, for processes outside containers you can still use the same network of that container by running the inside the network namespace of the 'VPN' container (for example running them with unshare). However, I wouldn't recommend this, as containers are supposed to run mostly isolated workload and not for this kind of use-case. But yeah, technically it's feasible.

Of course, but I assume elderly people getting familiar with a completely new technology need anyway some kind of personal support and introduction from someone close. I don't think anybody would plan to throw a Mac at some elderly person and say "if any issue call Apple support", right?

I get your point though, and I am just saying that there are situations where Linux might work totally fine.

Also, the used market for apple product is not that big where I lived. Nobody in the family had a Mac also, which means she wouldn't have had anybody to ask for support at all. It's a specific situation, but my point is that having an official support is not going to help that much in some cases.

I find Mac to be extremely unintuitive in how things are organized tbh, but that's just me.

Anyway, you are right, but she wanted to spend just 3-400 euros for a laptop, which is incompatible with Apple prices. Obviously this means being there to support if something goes wrong, but with a minimal install and Linux being stable, it doesn't happen often (I also have my mom's laptop running mint). I do have a reverse tunnel script configured that allows me to SSH in their machines using a "panic" icon on their desktop.

My great-aunt asked for a PC when she was 85 and her grandchild moved abroad. I installed Linux mint with a few scripts and shortcuts to ease her life, and she picked that up (check email, Skype, nothing super sophisticated ofc). I guess if it's a new thing, windows does not the advantage of being already familiar, and Linux is more stable in my experience, which leads to less random errors.

Yes, it is a metasearch engine. It's basically like proxy+aggregator or multiple engines.