Hans-Christoph Steiner @eighthave@librem.one

Just tagged v2.2.1 of #FDroid fdroidserver tools package, and uploaded it to pypi.org, #Debian, and our #Ubuntu PPA. This version has passed autopkgtest in Debian/bookworm, so it looks like it should make it into bookworm without further work https://tracker.debian.org/pkg/fdroidserver

The #AI #ChatGPT #Bard etc story repeats the #Bitcoin story in terms of how it will impact society. They are built on the kernel of a useful idea, but their structures heavily preference harmful use cases. #Bitcoin enabled #ransomware, tax fraud, investment scams, dodging sanctions, while only providing a slow, energy intensive payment system. #AI texts enable #disinfo, #cheating at school/work, #TechnicalDebt, devaluation of human labor, all to provide an #climate-damaging, error-prone search

@matthew_d_green services that do not require accounts https://f-droid.org/2022/02/28/no-user-accounts-by-design.html

@erikbtoots @matthew when I watched the video, it had the time of day, rather than the time in the video. So 14:00 means around 2pm the day of the hearing.

@j2bryson @1br0wn @spikebike Ah yes, the #Huawei aspect would explain it. I wonder how many 0-click Pegasus/etc infections they would have prevented by not mandating a single vendor for mobile devices. Back in 2018, #iOS was looking better than #Android in terms of security.

@debacle @rene_mobile @mobian This makes me think of how I used to be excited about working with #Android, now the only exciting thing about it is its market share. As a #hacker, I find #PinePhone a lot more exciting these days, despite all its limitations.

@rene_mobile Aspects of the technical structure of #Android magnify this because developers cross-compile and run in emulators/devices. Basically no one is doing Android dev on Android. #macOS and #iOS at least were very close to the same OS. I switched to #Debian #GNOME and #Android at the same time, around 2009. Back then, #Android was hackable and flexible. We took full advantage of that. Now my feeling is that #Android is focused on #security for #BigTech and no longer empowering users 2/2

@rene_mobile #Google is a #cloud company, and its users expect to have everything tied into the cloud. Fine if you want that. Before, #Android offered much more developer freedom and flexibility. Now, it feels like it is being locked into the cloud and pushed to prioritize consuming over creating. Same thing with #macOS, I used #NeXTSTEP since 1994, and stuck with it unbroken as it became MacOSX and even #iOS. #iTunes and iOS pushed #Apple to shift their focus from creating to consuming. 1/

@rene_mobile I haven't touched SAF code in a while now, so I can't remember details. I do clearly remember feeling that this API made it drastically harder to do what I was doing before. And in order to give any kind of consistent UX across the supported #Android versions, I had to have 3 parallel implementations with a number of per-version quirks. Plus it is biased towards pushing to the cloud. For many use cases, local storage still has advantages, including #privacy and resilience.

@j2bryson @spikebike @1br0wn if so, that's a laughable policy. One of the most basic rules of defense is "don't put all your eggs in one basket". Ahem #Pegasus 0-click https://www.amnesty.org/en/latest/news/2021/07/pegasus-project-apple-iphones-compromised-by-nso-spyware/

@rene_mobile And also, I think the right solution is to keep the bad apps out, that's what we work to do in #FDroid. Then users have the freedom to use apps that require flexible access to the external storage to provide their features. The SAF changes felt to me to be a way to cut out apps that do media/app sharing device-to-device, instead of via cloud services. Device-to-device data exchange is very important in places where data plans are expensive and measured in the 100s of MB per month

@rene_mobile I understand why they were created, and I think the core idea is good. But the way it has been rolled out has been painful to a lot of developers, especially if the app isn't just doing a simple tie-in to a cloud service. My experience is that every other OS release introduced new and often conflicting APIs and requirements making it very difficult to make a UX that worked across the currently supported releases.

@spikebike @j2bryson @1br0wn That could play an role in the pricing, but I'm guessing it is a pretty small role. These exploits are generally sold priced per-target. The governments using them care about getting access to the target, not all the users of a platform.

That totally clicked for me, that's how I have been feeling about working with the Storage Access Framework APIs in Android. On top of that, Android APIs prefer cloud services. Guess what: #Google #cloud services are built-in defaults for those APIs on all the Google devices.