Hans-Christoph Steiner @eighthave@librem.one

I'm sad to say that my new #laptop still needs non-free firmware blobs for working WiFi, Bluetooth, audio, and power management. Now #Debian will include those in the installer. Are we losing this #FreeSoftware fight? At least the graphics driver is #free and included in upstream Linux, that is progress. I specifically avoided #nvidia for that purpose.

How are others feeling on the firmware blob fight?

Everything was clearly better in the past, we can't even get #radioactive toothpaste anymore!

@mcopelov That is super scary to me because this is not a pivot away from supporting war, instead the EU will just be supporting the next #IraqWar #AfghanWar #LibyaWar #VietnamWar etc

One effect of the #UkraineWar is that it gives the #US #UK #NATO #Saudi etc a case to use to rehabilitate the idea they focus on: that military power is a force of good. #AfghanWar #IraqWar #LibyaWar #YemenWar provided a template for #Putin to follow. This is really not discussed enough because people want to support Ukraine in this difficult time, but it must always be part of any discussion of providing military support. Kudos to #politico for running this political cartoon linking these.

@fribbledom @surendrajat A lot of us are running Google-free these days, unfortunately that means we have slimmer coverage for Google devices, though I'm guessing a majority of our users run Google devices. That could be a factor here.

@fribbledom @surendrajat the key is providing enough information that a developer can reproduce the issue locally. Granted, that's often difficult. Without reproducing the issue locally, fixing bugs is basically just guesswork. That issue is a good example of not having enough information to reproduce, though people have posted some info.

@fribbledom @surendrajat please file an issue so we can follow up on it: https://gitlab.com/fdroid/fdroidclient/-/issues

For most bugs, 90% of the work of fixing it must come from the affected person, since it is about describing how to reproduce the bug, and providing follow up info. I rarely see bugs or crashes like this on my own devices since the ones I encounter over the years, I have fixed. We want to fix all the bugs, but we need people to report them, and provide detailed info.

@legind Yeah, I think the static site generator mode is useful only for content that is shown to users that are not logged into Wordpress. For it to work well, all info required for showing a page must be in the URL.

@legind I haven't used https://wordpress.org/plugins/simply-static/ but it sounds like it goes one better by generating the whole site as static files that can be hosted on any webserver or CDN. No database necessary.

@legind There seems to be some kind of "Wordpress as static site generator" mode now, it would be key to have that simple to use. This points to a reason why I think the GNU/Linux distro model is so important: shared maintenance of the long tail, so that many small orgs can maintain their services without going bust.

@a_sator In Österreich geht es viel besser als in andere Länder. Ich fähre regelmässig von Wien nach Semmering mit dem #Railjet, esse an Bord Fruhstück als ich hinfahre, und Abendessen nachher. Ganz gemütlich. Ich bin auch mit den ÖBB nach Goldeck und Saalbach gefahren. Ich habe kein Auto. Viele Gebiete sind fast unmöglich mit den Öffis.

@ljacomet I just saw your slides for your talk "Protecting your organization
against attacks via the
build system", a great overview! I'm a #Debian dev who has worked on packaging #Gradle. We'd love to make it as close to your version as possible. There is a proprietary build dependency that blocks that from happening. https://github.com/gradle/gradle/issues/16439

Then compare this to getting package updates via the official #Debian repositories, which includes a wide array of proven techniques for securely shipping software packages and #updates. In addition, Debian has good track record over decades. In most setups, I think it is safe to enable the "unattended-upgrades" package which automatically downloads and installs updates for the majority of packages in Debian. This is the best choice for users who do not have the means to do further examination

Another key discussion area for #updates is a #developer updating the libraries that they use in their app. Ideally the developer would review all source code changes that the lib update includes. This rarely happens in practice, and we see lots of apps inadvertantly include malware via libs that have been taken over. for example https://portswigger.net/daily-swig/popular-npm-package-ua-parser-js-poisoned-with-cryptomining-password-stealing-malware This is where devs should be thinking about how much they trust lib authors to maintain secure accounts, domain names, upload processes, etc.