@daniel If Google Play accepted source code for their review process, then they could be a lot more accurate. Seems crazy that they don't even offer it as an option.
@cketti that sounds good, but why post sources-34_r01.zip then fix something, then re-post sources-34_r01.zip? They have a revision number there for a reason, e.g. sources-34_r02.zip. It just seems so sloppy.
The newer version of sources-34_r01.zip is 8MB smaller, that's really strange:
https://gitlab.com/fdroid/android-sdk-transparency-log/-/commit/b36d6298c4dfcfe5e4ec01f8c5ca31deb5f2ba31#496b23f98c1ff561799bd78b98f5d844174c944f_1349_1349
I wish the #AndroidSDK team would follow repository best practices and stop silently reissuing binary releases under the same name/version. #MavenCentral does not allow this, for example. The #FDroid transparency log shows the newest violation: two versions of sources-34_r01.zip with the same file name, version code, and metadata.
@vitriolix "some unknown reason Lenin make Ukraine independent from Russia" lol, turns out there were so many people in Ukraine fighting with their lives against not only empires like Russia but also against Communism in general. Ukraine was a hotbed of anarchism, for example, and then there were republicans, nationalists, and various other ethnic groups that wanted independence. #Putin of course ignores all that.
Good thing the #Apple App Store is secure, it would be a shame if the #DigitalMarketsAct allowed alternative platforms to set up shop and start pushing fake software to #iOS devices...
This week in F-Droid (TWIF) was just published again!
We explain the "unattended upgrades for everyone" in 1.19.0 of our client in more depth.
Additionally:
- we talk about Acode editor - Android code editor, MRepo, PiliPala, SIYuan, K-9 Mail, Rocket.Chat and SimpleX Chat.
- big apps like Gao&Blaze, TuxPaint and Katawa Shoujo: Re-Engineered got their own paragraph
- the spring-cleaning continues
- our recap of FOSDEM is also linked
@vitriolix I've watched a bit, #Putin is sure good at "truthiness"! He gives this whole lecture about various kings etc then says things like "In 1939... western Ukraine was to be given to Russia. Thus Russia, which was then named USSR, regained its historical lands". Except the USSR was never Russia, it was many states including the Russian Soviet Federative Socialist Republic and the Ukrainian Soviet Socialist Republic, which were always distinct entities in the USSR. I call bullshit
@cryptax wow yeah impressive. And the app in question isn't malware. It is a well known company using a super complex packer. It seems that APK is not in #GooglePlay either, I wonder if that's related. They do have this DJI Pilot app on #AppStore, any ideas if it has the same kind of packer?
This kind of thing highlights how app review processes must review source code in order to be effective. Binary-only reviews like #Apple and #Google are at a disadvantage.
Totally impressed by the level of this blog post on de-obfuscation of an advanced packer
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
I hadn't ever seen the trick about "stealing bytecode" from methods from the ART class verification stage.
@roptat From what I've seen, it is quite common for one translator to be very active in their language. So many languages in many projects are translated basically by a single person. So complete translations can often just mean a very dedicated single volunteer rather than lots of users interested in the language. This is the volunteer-driven model. I imagine that paid translations would follow user demand a lot more.
There will be more interesting data coming soon, we'll announce it soon.
"To restore Earth’s forests and mitigate climate change, states should devolve management rights to the communities in these land parcels and grant them secure tenure."
#rewilding #restoration #forests #climatechange
https://www.rewildingmag.com/the-best-way-to-restore-forests/
@easterhegg2024 @Kurt easterhegg sounds interesting, but I won't have time to travel then.
@blue_led you're welcome! I'm happy to hear that all of our work has helped push free software on Android forward.
Big thanks to Kai-Chung Yan, Komal Sukhani (couldn't find them in the Fediverse), @eighthave and everyone else involved for packaging the open source parts of the Android SDK for Debian! 💙
With this I managed to revive an old Android app of mine that stopped working several years ago due to server-side changes.
#AndroidSDK #OpenSource #AndroidApp
git fsck makes it much harder to attack a git repo, but it seems that the normal git workflow does not enable it by default. In #FDroid it is enabled for all fetches in our config:
https://f-droid.org/docs/FAQ_-_App_Developers/#how-can-i-handle-fsck-error-in-packed-object-for-my-app
But I still can't find a clear answer about what checks #Git does by default. Anyone know?
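An added example, not part of the original post and not F-Droid's own configuration: a small audit of git's documented `fetch.fsckObjects`, `receive.fsckObjects` and `transfer.fsckObjects` settings, which git-config(1) describes as defaulting to false, with the per-operation key falling back to `transfer.fsckObjects` when unset. The function names and the temporary config file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit and enable git's object checking on transfer.
# It reads and writes an explicit config file, so the real ~/.gitconfig
# is never touched.

# Print "true" or "false": would git fsck incoming objects for operation $2
# ("fetch" or "receive") given config file $1?
# Per git-config(1): <op>.fsckObjects wins; if it is unset,
# transfer.fsckObjects is used; if that is unset too, the default is false.
effective_fsck() {
    cfg=$1 op=$2
    git config --file "$cfg" --bool --get "$op.fsckObjects" 2>/dev/null && return 0
    git config --file "$cfg" --bool --get transfer.fsckObjects 2>/dev/null && return 0
    echo false
}

# Turn checking on for both directions with the single umbrella key.
enable_fsck() {
    git config --file "$1" transfer.fsckObjects true
}

# Succeed only if both fetch and receive would be checked.
fsck_enforced() {
    [ "$(effective_fsck "$1" fetch)" = true ] &&
    [ "$(effective_fsck "$1" receive)" = true ]
}

# Demonstration on a constructed, initially empty config file.
demo() {
    cfg=$(mktemp)
    echo "empty config:   fetch=$(effective_fsck "$cfg" fetch) receive=$(effective_fsck "$cfg" receive)"
    enable_fsck "$cfg"
    echo "after enabling: fetch=$(effective_fsck "$cfg" fetch) receive=$(effective_fsck "$cfg" receive)"
    # A per-operation override silently switches one direction off again.
    git config --file "$cfg" fetch.fsckObjects false
    if fsck_enforced "$cfg"; then
        echo "enforced"
    else
        echo "override:       fetch=$(effective_fsck "$cfg" fetch) -> not enforced"
    fi
    rm -f "$cfg"
}

demo
```

To audit a real setup, pass the path of the config file in question (for example `~/.gitconfig` or a repository's `.git/config`) to `fsck_enforced`.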
I got the opportunity to go to #FOSDEM and of course I had my #FDroid "hat" on. I wrote up some quick impressions of my trip, including what I learned about the #EU's #DigitalMarketsAct #CyberResilienceAct and #ProductLiabilityDirective
There really are a lot of important projects represented there:
https://f-droid.org/2024/02/06/at-fosdem.html
@roptat how so? You mean like level of completion versus how popular a language is?
Based on @maarten's post https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/ I think the only people listed in my example that would be at all regulated by the #CRA would be the last one: "contracted contributors". It sounds like they might be considered "open source software stewards" with obligations under Article 17a depending on whether the #EU considers F-Droid as "intended for commercial activities"
https://www.cyberresilienceact.eu/the-cyber-resilience-act/
My guess is #Nextcloud/#Ubuntu would be considered commercial while #FDroid/#Debian would not
Last weekend I co-organised a "EU policy devroom" at #FOSDEM, marking the end of a wild 17 month ride in EU policy land working on the #CyberResilienceAct.
A blog I just published provides an overview of CRA #FOSDEM content, including my personal story starting #FOSS policy engagement in Brussels.
I hope it will contribute to a shared understanding of how the #CRA will most likely affect developers of #opensource software. Feedback welcome.
https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/