Hans-Christoph Steiner @eighthave@librem.one

@IzzyOnDroid @fdroidorg I think the #IzzySoftRepo is a good example of how a binary repo should be run: clear criteria for inclusion, good marking of Anti-Features, regular enforcement action, etc. Indeed @IzzyOnDroid caught the missing Anti-Features on the Guardian Project repo wth one of his scans. Thanks again!

One concrete example of the damage that #BigTech #gatekeeper companies like #Apple and #Google are doing to the mobile ecosystems is clear to see with media codec libraries. Right now, malware companies like #NSOGroup have maintained zero-click exploits in both #iOS and #Android for years. This is mostly via media exploits. iOS and Android have obscene profit margins, meaning both companies have plenty of cash for improving things. Yet where is the big outflow for fixing media codecs?

@guardianproject @fdroidorg Guardian Project would welcome contributions that replace the proprietary bits with equivalent free bits. I think #MapLibre can totally replace Google Maps now, but the apps in question were implemented before MapLibre was an option.

@greypilgrim @guardianproject @fdroidorg oops, I guess we got it out sooner than expected :)

@daniel If Google Play accepted source code for their review process, then they could be a lot more accurate. Seems crazy that they don't even offer it as an option.

@cketti that sounds good, but why post sources-34_r01.zip then fix something, then re-post sources-34_r01.zip? They have a revision number there for a reason, e.g. sources-34_r02.zip. It just seems so sloppy.

The newer version of sources-34_r01.zip is 8MB smaller, that's really strange:
https://gitlab.com/fdroid/android-sdk-transparency-log/-/commit/b36d6298c4dfcfe5e4ec01f8c5ca31deb5f2ba31#496b23f98c1ff561799bd78b98f5d844174c944f_1349_1349

I wish the #AndroidSDK team would follow repository best practices and stop silently reissuing binary releases under the same name/version. #MavenCentral does not allow this, for example. The #FDroid transparency log shows the newest violation: two version of sources-34_r01.zip with the file name, version code, and metadata.

https://gitlab.com/fdroid/android-sdk-transparency-log/-/blob/e7bf63a1ad3327e3e3115bfc0852c8cc8ddac067/checksums.json#L4849

@vitriolix "some unknown reason Lenin make Ukraine independent from Russia" lol, turns out there were so many people Ukraine fighting with their lives against not only empires like Russia but also against Communism in general. Ukraine was a hotbed of anarchism, for example, and then there were republicans, nationalists, and various other ethic groups that wanted independence. #Putin of course ignores all that.

@vitriolix I've watched a bit, #Putin is sure good at "truthiness"! He gives this whole lecture about various kings etc then says things like "In 1939... western Ukraine was to be given to Russia. Thus Russia, which was then named USSR, regained its historical lands". Except the USSR was never Russia, it was many states including the Russian Soviet Federative Socialist Republic and the Ukrainian Soviet Socialist Republic, which were always distinct entities in the USSR. I call bullshit

@cryptax wow yeah impressive. And app in question isn't malware. it is a well known company using a super complex packer. It seems that APK is not in #GooglePlay either, I wonder if that's related. They do have this DJI Pilot app on #AppStore, any ideas if it has the same kind of packer?

This kind of thing highlights how app review processes must review source code in order to be effective. Binary-only reviews like #Apple and #Google are at a disadvantage.

@roptat From what I've seen, it is quite common for one translator to be very active in their language. So many languages in many projects are translated basically by a single person. So complete translations can often just mean a very dedicated single volunteer rather than lots of users interested in the language. This is the volunteer-driven model. I imagine that paid translations would follow user demand a lot more.

There will be more interesting data coming soon, we'll announce it soon.

@easterhegg2024 @Kurt easterhegg klingt interessant, aber ich habe dann keine Zeit zum Reisen.