RustDesk: I Found This Open-Source TeamViewer Alternative Impressive!
Please have a look at the warnings in the comments:
discuss.tchncs.de/post/2163205…
discuss.tchncs.de/post/2163205…
RustDesk: I Found This Open-Source TeamViewer Alternative Impressive!
RustDesk is a fantastic secure remote desktop tool. Let's take it for a spin!Sourav Rudra (It's FOSS News)
like this
KaRunChiy likes this.
The Zionist occupation targeted and sniped a socialist activist and US-Turkish citizen in the head while she was peacefully protesting the expansion of illegal settlements in the occupied West Bank.
Aysenur Ezgi Eygi, 26, an American-Turkish activist, arrived in the West Bank on Tuesday to volunteer with the International Solidarity Movement (ISM) as part of a campaign to protect Palestinian farmers from settler and Zionist military violence.
It is worth noting that Eygi would be the third ISM volunteer the occupation murdered, after Rachel Corrie in 2004 and Tom Hurndall in 2005.
“An American solidarity activist arrived at the hospital with a gunshot in the head, and we announced her martyrdom around 14:30,” the director of Rafidia Hospital in Nablus, Fouad Nafaa said on Friday.
The Hamas Resistance movement issued a statement strongly condemning the Zionist crime that led to Eygi’s martyrdom, stressing that it is an extension of the murders deliberately targeting international volunteers in occupied Palestine.
In July, foreign volunteers helping Palestinian farmers in the occupied West Bank were attacked and assaulted by settlers, with some having to be transported to the hospital to receive medical treatment for reported injuries, activists stated on Sunday.
Eight volunteers, most of whom are American, were attacked by a group of 11 settlers from the Esh Kodesh illegal settlement while working in an olive grove near the Palestinian village of Qusra, David Hummel, an American-German volunteer, said.
“We were standing there peacefully, not a threat to anyone when they started coming towards us and pushing us down the path,” he told AFP, adding “They started attacking and beating us all with sticks and metal pipes and they were throwing rocks as well at us.”
Hummel described the attack as “very violent” and showed AFP his bruises sustained after the settlers beat his legs, arms, and jaw.
Palestinian left organizations also released statements which we publish in full below:
Popular Front for the Liberation of Palestine:
—
The martyrdom of Turkish-American activist Aisha Ezgi is a continuation of a long series of occupation targeting all free voices.
– The martyrdom of the Turkish-American activist, Aisha Noor Ezgi, after being shot in the head by occupation forces near Mount Sbeih in the town of Beita, south of occupied Nablus, is yet another Zionist crime added to the occupation’s black record of targeting foreign activists in solidarity with our people.
– This crime brings to mind a long series of crimes committed by the occupation against international solidarity activists, from the assassination of American activist Rachel Corrie and British activist Tom Hurndall in Rafah, to the attack on the “Mavi Marmara” ship breaking the siege, which led to the martyrdom of ten activists, among other continuous attacks and practices against those in solidarity.
– The occupation continues to target anyone who stands for justice and defends our people, further proving that this entity poses a threat to all of humanity and every free voice striving for justice, not just to the Palestinian people.
– The Front calls on all the free people of the world to unite efforts to confront this zionist, U.S.- and Western-backed usurper entity, and to work on documenting these crimes as war crimes against humanity, contributing to enhancing international efforts to isolate this rogue and rejected entity, and to prosecute its leaders as war criminals before international courts.
The Popular Front for the Liberation of Palestine
Central Media Department
September 6, 2024
—
Democratic Front for the Liberation of Palestine:
—
The Democratic Front condemns the assassination of American activist Aysenur Ezgi by the “israeli” army using American-made weapons in Beita.
The Democratic Front for the Liberation of Palestine issued a statement today, strongly condemning the assassination of Turkish-American activist Aysenur Ezgi, who was in solidarity with the Palestinian people, particularly farmers, against the attacks by the “israeli” army and settlers on Palestinian farmers, their lands, and properties. The assassination occurred as Beita residents confronted settlers and occupation forces on Jabal Sbeih, which the occupation has been attempting to seize for several years.
This crime brings to mind the killing of American activist Rachel Corrie in 2003 in Gaza, as she stood in solidarity with the Palestinian people under the tracks of an “israeli” bulldozer, also American-made. Similarly, today, the Turkish-American activist was killed by an American weapon, with the occupation attempting to instill fear among those in solidarity with our people by treating them no differently than Palestinian citizens, deterring them from participating in solidarity actions, especially as we approach the olive harvest season. This year’s harvest comes amid a vicious campaign by the occupation army and settlers in the West Bank, continuing the campaign of genocide that began in Gaza.
“Israel’s” impunity for its crimes and aggression, and the ongoing provision of weapons by Western countries, especially the United States, amount to complicity in the aggression. This encourages the fascist occupation government to commit more crimes against our people and land without restraint, extending even to free activists, regardless of their nationality, even Americans. If it weren’t for U.S. support, “israel” would have long been forced to recognize our national rights.
Central Media – Ramallah
September 6, 2024
reshared this
MMR Nmd reshared this.
Wine 9.17 Released With Better ARM64 CPU Detection, HiDPI Window Surface Scaling
Wine 9.17 Released With Better ARM64 CPU Detection, HiDPI Window Surface Scaling
Wine 9.17 is out today as quite an exciting update for this open-source software that allows Windows games and applications to run on Linux systems and other platforms.www.phoronix.com
Elon and Russian propaganda
Today’s been another absolute zoo of a day, so here’s a little comic I saw going around on Mastodon.
What you need to know is that 1) Tenet Media turns out to have been – “allegedly” – a Russian-funded propaganda outlet, paying far-right commentators like Tim Pool hundreds of thousands of dollars to spread their disinformation, and 2) Elon Musk has been one of the biggest, if not the single biggest, booster of Tenet Media stories on eX-twitter.
X, what was once twitter, is an op.
59 days remain.
[link] #politics #sociality #USPol #fascism #politics #t0000000000bs_ #uspolitics
I was just ripping on one of histories most idiotic individuals.
like this
Zier likes this.
And could this facism be just a consequence of allowing more kinds of people on the platform and censoring less? In other words, that more freedom automatically brings more facism to the table?
I'm not trying to corner you or anything but I am wondering how and why things suddenly changed to seemingly a lot of people.
all the dog whistles you could ever want to court the fascist bros
I don't really know what group you're talking about here... The "facists"?
But who is not welkom that does not act like a ketamine karen? Did anyone get banned?
The rise of megaconstellations are threatening the ozone layer’s recovery | Space
Concentrations of ozone-damaging aluminum oxides in Earth's atmosphere could increase by 650% in the coming decades due to a rise in the number of defunct satellites burning up during reentry, a first-of-a-kind study has found. And, as satellite megaconstellations continue to pique the interests of private companies, this could be pretty bad news for our planet's protective shield known as the ozone layer.
NixOS - Beginner Resources for Flakes
Hi all! I'm trying to learn more about NixOS and wondering if anyone had an material they'd recommend that was Flake centric?
I'm planning to test drive NixOS on a secondary laptop as a learning opportunity- not planning on using it as a daily driver at this time, so I'm not too concerned about the learning curve; I realize it'll be a bumpy and steep road!
I did want to give a shout-out to @LunchEnjoyer@lemmy.world and everyone who replied in the NixOS beginner resources thread! Tons of good content shared there that I'm still working my way through.
like this
dhhyfddehhfyy4673 likes this.
You can go through his nixos series.
And there another YouTuber librephoenix. He has good learning material too. Here is link youtube.com/channel/UCeZyoDTk0…
Indie social sign-in could go mainstream
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
blog.erlend.sh/indie-social-si…
like this
originalucifer, tuckerm, kali and NataliaTheDrowned2 like this.
Are the people who invented this aware of NOSTR?
If so, what makes this different? And if not, perhaps we could use NOSTR to bridge the gap in the fediverse at the moment between NOSTR users and Mastodon/Pixelfed/Lemmy/KBIN/MBIN users
I started forking Lemmy for an inventory system but then realized that NOSTR was far more suited to that and other applications that require security and encryption.
i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.
am i wrong in thinking nostr has massive moderation issues that far exceed even what lemmy is going through?
like this
NataliaTheDrowned2 likes this.
Perhaps. I tend to listen to Snowden when it comes to tech. But I haven’t used it yet because all of the implementations I could use involved a bitcoin wallet. I’m a fan of crypto but that felt weird.
Someone else reassured me that NOSTR is a very open platform and that requirement wasn’t true.
From my research, I have found it to be far more decentralized than Lemmy’s (and the pub/sub) federated model, which would also, obviously have the same drawbacks that we see in other truly decentralized tech like crypto, torrents, and tor where you are on your own in the world, forced to literally keep the ocean of shit from infecting you! 😉
So, I think of those things as necessary evils. For example, if I used NOSTR, I could have an address that follows me no matter what. That cryptographic hash is my NOSTR identity for better or worse. That’s pretty powerful and far more secure than a two step verification process in the long run.
I don’t know enough about it yet. But I’d say it is a raw technology that I wouldn’t allow the criminals and trolls of the world define for me.
yeah, ive read from some other corners nostr is really being abused by bad actors due to the same anonymity you seem to require of it.
nostr is basically not moderate-able, which is a non-starter for the rest of us who dont really give a shit about 5 9s of anonymity and are attempting to maintain communities of decent humans.
“I” seem to require? No. I’m deferring to the cypherpunk manifesto which rings true over and over again.
IMO, anonymity should be able to be switched on and off at will by the user. Selective disclosure using homomorphic encryption coupled with digital identity can achieve both, IMO.
In particular, businesses require anonymity in much of their chain of custody…and I think that’s fair.
i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.
Also because blockchain, I believe? It's basically a cryptobro grapevine.
like this
originalucifer likes this.
sign in to websites using your personal web address, without having to use your e-mail address.
What is the point of that? For convenience, email addresses are much easier to come by than is web hosting. For being securely anonymous it's also much easier to do through email — but not by so much that requiring a website rules it out, if that's the intention.
This works way better than I expected. This is a static image test for a HUD on my home cockpit using a dead cheap beamsplitter made of plexiglass and a smartphone o0
beko.famkos.net/2024/09/06/156…
#FUI #homeCockpit #HUD #simpit
The realtime preemption end game — for real this time [LWN.net]
reshared this
Tech Cyborg reshared this.
After going through a rabbit hole what I learned that this patch does is to allow time critical applications at top priority.
Most of popular linux distributions already have this patch applied in one form or another.
What I think it means for end user is that if applications use this part of linux kernel correctly, then they can speed up some core parts, be more responsive, and stable. But if it's abused, it can end up slowing the whole system.
I made a local APT repository that automatically fetches DEBs and AppImages from anywhere
On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn't self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.
But, what if those would be upgraded at the same time as everything else using the tools you're familiar with ?
dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.
I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.
The stable version will come with a CLI wizard to avoid this manual configuration.
Feedback is welcome :)
like this
timlyo and NataliaTheDrowned2 like this.
reshared this
Tech Cyborg reshared this.
rpm-ostree systems, because any layered packages installed from RPM files have the same limitation of needing to be manually upgraded.like this
timlyo likes this.
I'd be willing to implement additional features for people who are extra careful about security.
Could you please explain what does this consist in ?
Thanks
file:// scheme or custom apt-transport. HTTP server is needless here. (But I'll never do this because I prefer to rebuild packages myself if there's no repo for my distro.)like this
DaGeek247 likes this.
local repo with file:// scheme
With that, I couldn't trigger a download when apt update is ran, I could only do a cron, i.e. a delay, that I do not want.
custom apt-transport
I thought about that, but found no documentation on how to do it. If you have any, I'm interested.
Even just finding documentation on how to generate DEBs and APT repository metadata files was very hard.
like this
DaGeek247 likes this.
libapt-pkg-doc (/usr/share/doc/libapt-pkg-doc/method.html/index.html).like this
DaGeek247 likes this.
In an APT package OMG 😂
I found an online version though, which I would never have found through my search engine (and on a site that doesn't even support HTTPS) 😅
Looks like difficult reading too 😭
Thanks anyway.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
I went way down the rabbit hole on this one and ended up with a proof of concept that's probably close enough to be able to wire it up: gitlab.com/-/snippets/3745244
I guess it didn't end up too much code, but I'm not entirely sure it's worth it.
(it's after 3 AM? oh no what have I done)
differently hacky idea:
since you do end up with all the packages in a repository on the filesystem, and you just want to have it do this just-in-time updating when the Packages file is accessed...
what if you list it as a normal file apt source, but you make the Packages file a FIFO?
it's a cursed idea but I'm not sure it is any less cursed than the other options we've come up with.
it may or may not help to have systemd.socket manage creating the FIFO and running the service.
What's a FIFO ?
I've also looked into VFS but found nothing I'd have the skills to implement. 😅
Sorry to ask
Don't be. I would love to know that an existing and more experienced program does what mine does.
I've been looking for it myself for a long time before deciding to build it.
isn’t this basically the same thing as apt-cacher-ng?
Here's what I'm reading :
Apt-Cache-ng is A caching proxy. Specialized for package files from Linux distributors, primarily for Debian (and Debian based) distributions but not limited to those.A caching proxy have the following benefits:
- Lower latency
- Reduce WAN traffic
- Higher speed for cached contents
+------------+ +------------+ +------------+ | Apt Client | <------+ Apt Cache | <------+ Apt Mirror | +------------+ +------------+ +------------+
So, not the same thing.
It locally mirrors existing repositories containing existing packages, it doesn't locally create a new repository for new packages from standalone DEBs.
Looks great, well done.
Personally, the deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop, where the handy one-click installation goes like this:
# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
sudo tee /etc/apt/sources.list.d/signal-xenial.list
# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktopWhy does Debian-Ubuntu not provide a simple command for this? Yes there is
add-apt-repository but for some reason it doesn't deal with keys. I've had to deal with this PITA on multiple occasions, what's up with this?
Thanks, and agreed !
Fortunately, copy/pasting works and you only have to do it once.
Why does Debian-Ubuntu not provide a simple command for this?
You aren't supposed to add repos. Ever.
wiki.debian.org/UntrustedDebs
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
An example is signal-desktop
Yeah don't use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.
bugs.debian.org/cgi-bin/bugrep…
The least bad option is the unofficial flatpak.
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
OK. I suppose this is the correct answer.
The least bad option [for Signal] is the unofficial flatpak.
Unless I'm missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I'm choosing to install software by X then I'm going to get it straight from X and not involve third-party Y too.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who... followed the same exact recipe is no different.
This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.
This might be for the better, but Discord was so infuriating about updates and forcing you to download them what felt like 50% of the time I opened it, I gave up and just use it in Ungoogled Chromium now. I'm pretty sure within a few months I ended up having 15+ debs of Discord in my Downloads folder.
For anyone else trying to use the native Discord app on Debian, I think they'll find this a major treat.
I didn't know there was one, that's interesting, thanks.
Updates must still be delayed because of being third-party though.
Discord not automating downloads of DEBs is one of the reasons motivating me to do this.
Personally I need the desktop client because I mod it with plugins that are so useful that I can't do without these anymore.
Alternatively, there are third-party repositories here and here.
There still is delay between Discord releases and repository updates so I still believe dynapt to be the better solution.
Personally I need the desktop client because I mod it with plugins that are so useful that I can’t do without these anymore.
Discord client modifications are against the Terms of Service.
gnu.org/philosophy/free-sw.en.…
Well, I'm just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.
If the automated process would be dangerous then the manual process also would be, and that would be on the maintainer for not providing an APT repository or a Flatpak, not on the user for just downloading from GitHub.
Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.
Yeah. You should never do that. Like ever. Build from source; or use a vendored tarball.
wiki.debian.org/DontBreakDebia…
.deb is a terribly insecure nightmare thats held up by the excellent debian packagers, gpg , and checksums, and stable release model. don't use .deb files.
I’m and end user
Yeah, we all are. What's your point?
End users are also developers. All computer users are developers. You are developing.
user working for end users
By making a script that lets me get backdoors and shitty packages with ease?
The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn't packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).
By using local .debs you lose the benefit of:
Reproducible buildsGPG checksums
Stable release model
debian security team
It’s a cool concept, but automation breeds laziness (by design, to an extent) and lazy end users tend to shoot themselves in the foot. So it isn’t great for security, but it also isn’t that much worse for security :)
Since some people with money tend to be litigious, and, of course, I am not a lawyer, I would advise a warning message (or part of the license if you don’t want to muck up your CLI), if you don’t have one, to force the user to accept and acknowledge that the software they are installing using this tool is not verified to be safe.
How is the manual step more secure though ?
What does the user do before downloading a DEB that makes that gap between manual and automated ?
I'd be willing to try and reproduce that, but I don't see anything.
I didn’t say it was more secure, I said it’s about the same.
The difference is a person being forced to go to a website to download software means more steps and more time to consider the safety of what they’re doing. It’s part psychological.
Not all such packages are retrieved from GitHub, I remember downloading numerous .deb files direct over the past 25 years (even as recent as downloading Discord manually some years back).
The main point I’m making is that you should legally protect yourself, it’s a low and reasonable effort.
I didn’t say it was more secure, I said it’s about the same.
You said automation breeds laziness (by design, to an extent) and lazy end users tend to shoot themselves in the foot.
So, my question is : what part of automating download of DEBs from a specific source can be shooting oneself in the foot compared to doing the same thing manually every time ?
you should legally protect yourself
The MIT license will take care of that.
Also, to force the user to accept and acknowledge that the software they are installing using this tool is not verified to be safe is inducing fear and/or guilt, therefore is bad UX, I'm not doing that.
I already answered that first question.
And then all those app store fronts that say whether a flatpak is verified or not is inducing fear and/or guilt and is therefore bad UX. It's not, but you are free to have your opinion.
Have fun then, I'm done wasting my time here.
No matter where you install from, you have to trust the source. Indeed, you have to trust every step in the supply chain.
If you are getting your code straight from the author, you are eliminating an exploit that’s introduced by a compromised account of a packager.
Carry on.
If you are getting your code straight from the author,
Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to "properly" install your package. Building from source is what you SHOULD be doing.
Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with 'lintian'.
.debs made by developers following a wiki tutorial can't even come close. remember, apt installs happen as root and can execute arbitrary code.
Also, debian packagers can be project maintainers, so they can be "the author."
This is somewhat re-inventing some things Ansible can do, which is download and install software whether it has a formal or informal source.
Ansible is the automation I use to manage personal and professional servers.
Neat project!
While this might not solve all of your use cases, did you consider a tool like mise?
Theres a number of other options out there such as asdf-vm and others who's names I can't recall. I recently moved from asdf to miss but its a great way to install things on different machines and track it with your dotfiles, or any other repo you want to use. Mise has tons of configuration options for allowing overrides and local machine specific versions.
It won't tie into apt for your upgrades but you could just alias your apt update to include && mise up.
Willing to give this a go.
Alright, don't hesitate to ask questions if you have any and request help if you need any
My go-to for getting non-repo debs automatically has been deb-get
Yes, I mentioned it in the Differences with deb-get & AM section of my tutorial.
it seems to go long periods of time between PR merges and releases (which includes adding new software)
Yeah, I could reiterate in that section that my app allows the user to add apps themselves.
Man pages maintenance suspended
From: Alejandro Colomar <alx-AT-kernel.org>
Hi all,
As you know, I've been maintaining the Linux man-pages project for the
last 4 years as a voluntary. I've been doing it in my free time, and no
company has sponsored that work at all. At the moment, I cannot sustain
this work economically any more, and will temporarily and indefinitely
stop working on this project. If any company has interests in the
future of the project, I'd welcome an offer to sponsor my work here; if
so, please let me know.
Have a lovely day!
Alex
like this
timlyo, TVA and NataliaTheDrowned2 like this.
like this
massive_bereavement, timlyo, TVA and NataliaTheDrowned2 like this.
Bruce Perens is currently working on a new licensing model called Post Open requiring that business with sufficient revenue to pay up.
like this
DaGeek247 likes this.
I believe it's 1% for access to the "entire post-open ecosystem", rather than 1% per project which would be unreasonable. So you could use one or thousands of projects under the Post-open banner, but still pay 1%.
It will take years to develop the post-open ecosystem to be something worth spending that much on.
like this
DaGeek247 likes this.
It's criminal to let someone do the thing he actively volunteers to do? It's criminal to use software that someone intentionally puts out into the world as free?
If you're willing yo do something for free, people are going to let you 🤷♂️
like this
DaGeek247 likes this.
The idea that all that work must be paid for by whoever uses it is exactly the opposite of what free software is about.
The free software as a passion project idea became untenable long ago. It works for UNIX style utilities where the project stays small and changes can be managed by one person but breaks down on large projects.
As a user, try to get a feature added or bugfix merged. Its a weeks or sometimes months/years long back and forth trying to get the bikeshedding correct.
As a maintainer, spend time reading and responding to bug reports which are all unrelated to the project. Deal with a few pull requests that don't quite fit the project, but might with more polish. Take a month off and wait for the inevitable "is this being maintained?" Issues reports.
I contribute back changes because I want those features but don't want to maintain a longterm fork of the project. When they're rejected or ignored its demoralizing. I can tell myself "This is the way of open source" but sometimes I just search for another project that better fits my needs rather than trying to work on the one I submitted changes to.
That is the happy path. The sad path of this is how many people look at the aforementioned problems and never bother to submit a pull request because it's too much trouble? Git removed most of the technical friction of contributing, but there is still huge social friction.
Long story short: the man pages maintainer deserves something for all the "work" part of maintaining. He can continue to not be paid for the passion part.
Not really. The problem with FOSS licensing is that it was too altruistic, with the belief that if enough users and corporations depended on the code, the community would collectively do the work necessary to maintain the project. Instead, capitalism chose to exploit FOSS as free labor most of the time, without any reciprocal investment. They raise an enormous amount of issues, and consume a large amount of FOSS developer time, without paying their own staff to fix the bugs they need resolved — in the software their products depend on. At that point the FOSS developer is no longer a FOSS developer, and instead is the unpaid slave labor of a corporation. Sure, FOSS devs could just ignore external inputs, but that's not easy to do when you've invested years of your life in a project. Exploiting kindness may be legal, but it should never be justified or tolerated.
Sure, FOSS licenses legally permit that kind of use, but just because homeless shelters allow anyone to eat their food, and sleep in their beds, that doesn't make the rich man who exploits that charity ethically or morally justified. The rich man who exploits that charity (i.e. free labor), and offers nothing in return, is a scummy dog cunt; there are no two ways about it. The presence of lecherous parasites can destroy the entire charity; they can mean the difference between sustainability and burnout.
FOSS should always be free for all personal, free, and non profit use, but once someone in the chain starts depending on FOSS to generate income and profit, some of that profit should always be reinvested in those dependencies. That's what FOSS is now learning; to reject the exploitation and greed of lecherous parasites.
like this
TVA likes this.
I'm a single dude who sells custom electronics with open source software on them. I sell maybe two PCBs a month. It just about covers my hobby, I'm not even living off of it. I can't afford commercial licenses. There has to be tiers.
In return, I've made every schematic, gerber file, and bill of material to my stuff freely available.
I would draw the line at shareholders.
You may use my software free of charge if you are a student, hobbyist, hobbyist with income, side hustler, sole proprietorship, LLC, S-Corp, non-profit, partnership, or other owner-operator type business.
Corporations with investors or shareholders will pay recurring licensing fees. Your shareholders may not profit from my work unless I profit from it more than they do. If you can afford a three inch thick mahogany conference table you can afford to pay for your software.
AGPL? Google has a ban on all AGPL software. Sounds like if you write AGPL software, corporations won't steal it.
Code licensed under the GNU Affero General Public License (AGPL) MUST NOT be used at Google.The license places restrictions on software used over a network which are extremely difficult for Google to comply with. Using AGPL software requires that anything it links to must also be licensed under the AGPL. Even if you think you aren’t linking to anything important, it still presents a huge risk to Google because of how integrated much of our code is. The risks heavily outweigh the benefits.
Any FLOSS license that makes a corporation shit its pants like this is good enough to start from IMO.
I might be misunderstanding the licenses so correct me if wrong.
Can companies use GPL code internally without release as long as the thing written with it doesn't get directly released to the public?
.. or does GPL pollute everything even if used internally for commercial purposes?
I think it kicks in when you distribute. For example, let's say I have a fork of some GPL software and I'm maintaining it for myself. I don't need to share the changes if I'm the only one using it.
The point is that people using a software should be able to read and modify (and share) the source when they want to.
IANAL and all that good stuff
I think its this site? kernel.org/doc/man-pages/
I don't see any option to give money. So he does not accept donations from users like you and me and only asks for sponsorship?
An alternate website can be found here: linux.die.net/man/ However, I don't know how much they differ.
Edit: What I don't like with both of these sites is, that they are powered by Google. I would like to see an alternative engine, at least an option to set it up. That's probably a reason why I never used it and actually wouldn't want to support it.
like this
DaGeek247 likes this.
You do realize that man pages don’t live on the internet?
What part of my reply is this an answer to? I know we have our man pages offline. But the website here is online and they use Google as a search machine. My critique is using Google and not providing an alternative search machine setup.
The few times I've needed to man [app name] on a system without internet access or on an obscure utility, I've always been able to find what I need in the included docs
I hope the dev eventually gets sponsored, this is one of those utilities that you don't think you need until --help doesn't cut it
Back in the day with dial-up internet man pages, readmes and other included documentation was pretty much the only way to learn anything as www was in it's very early stages. And still 'man ' is way faster than trying to search the same information over the web. Today at the work I needed man page for setfacl (since I still don't remember every command parameters) and I found out that WSL2 Debian on my office workstation does not have command 'man' out of the box and I was more than midly annoyed that I had to search for that.
Of course today it was just a alt+tab to browser, a new tab and a few seconds for results, which most likely consumed enough bandwidth that on dialup it would've taken several hours to download, but it was annoying enough that I'll spend some time at monday to fix this on my laptop.
like this
timlyo, TVA, NataliaTheDrowned2 and loppy like this.
like this
TVA likes this.
10k for a company making millions annually is nothing, 1% or less. But split between some of these projects, especially the less appreciated or funded ones, can be life changing.
But you're unfortunately right
That is part of why you're not a tech CEO. You're not supposed to have compassion! No investor would want that.
P.S. This is an attack on CEOs and investors, not on you :)
like this
NataliaTheDrowned2 likes this.
Unfortunately it is still not enough. There have been many instances of people using these licenses and still corporations using their software without giving back, and developers being upset about it.
And unfortunately there are no popular licenses that limit that. I've seen a few here and there, but doesn't seem to be a standard.
AGPL is the most restrictive OSI approved license (of the commonly used ones), but it is still a free (libre) open source license. My understanding is just that the AGPL believes in the end-users rights to access to the open source needs to be maintained and therefore places some burden to make the source available if it it's being run on a server.
In general, companies run away from anything AGPL, however, some companies will get creative with it and make their source available but in a way that is useless without the backend. And even if they don't maliciously comply with the license, they can still charge for their services.
As far as documentation goes, you could license documentation under AGPL, and people could still charge for it. It would just need to be kept available for end-users which i don't think is really a barrier to use for documentation.
some companies will get creative with it and make their source available but in a way that is useless without the backend. And even if they don't maliciously comply with the license, they can still charge for their services.
What is wrong with charging for your services?
Open source licences aren't meant to make it impossible to earn money or anything. As long as companies comply with the licences I don't see anything wrong with it.
If a licence wants to make it impossible to earn money they should put that in the actual licence.
No. I said even if they don't maliciously comply with the license [by making the open sourced code unusable without the backend code or some other means outside of scope of this conversation] then they can charge for it.
The malicous part is in brackets in the above paragraph. The license is an OSI approved license that allows commercialization, it would be stupid for me to call that malicious.
Yes, but how is it malicious to comply with the license? If the license doesn't require the code to be usable without a backend they have fully complied. Does the license even require usable code at all?
As long as they give the source code they are required to give I don't see any problem with it.
The difference is that commercialization is inherent with a free (libre) open source license. Whereas going against the intent, but still legally gray area, is imo malicious compliance because it circumvents what the license was intended to solve in the first place.
But that's all i really care to add to this convo, since my initial comment my intent was just to say that the AGPLv3 license does not stop corporations from getting free stuff and being able to charge for it-- especially documentation. Have a good one
It is my understanding that the only difference applies to hosted software. For example, Lemmy is AGPL. If it were GPL, then a company could take the source code, modify it and host their own version without open sourcing their modifications. AGPL extends to freedoms of GPL to users of hosted software as well.
A real example of this would be truth social which is modified Mastodon and as AGPL those modifications are required to be open source as well.
My old employer used to have people on staff just for technical writing. Some of that writing became the man pages you know, and some of it was 'just' documentation for commercial products - ID management and the like.
Then we sued IBM for breach of contract, and if you ask anyone about it they'll parrot the IBM PR themes exactly, as their PR work was brutal. People in Usenet and Forums were very mean, and the company decided to stop offering much of the stuff that it was for free. It was very 'f this'.
If man pages needed a volunteer to maintain, I know why ours tapered off.
like this
DaGeek247 likes this.
Mounting ssd causes graphics glitch during liveboot
I tried to install Arch Linux on my old faithful latitude 7490. After partitioning and formatting the drive I tried to mount the root partition and got this random glitch. When I unmount it the glitch stops. Maybe my laptop is trying to tell me I'm not ready for Arch 😅
I haven't seen something like this before so I thought I'd share.
In the video:
The screen of a laptop showing Arch Linux liveboot terminal. After creating partition table and formatting the partitions. I try to mount thebroot partition to the liveboot filesystem. The mounting succeeds but the text on the screen starts to shift andnjump eratically. Looks like the whole image shifts. Then I try unmounting the partition and the screen goes back to normal.
like this
etai likes this.
Absolutely loving Linux btw
Couldn't run Windows 7, and Windows 10 ran like shit. My old PC basically got a second life with Linux.
This is Half-Life GOTY running on Wine, runs really smooth.
The only downside is lack of directX support, OpenGL is there but the integrated graphics card only supports till OpenGL 2.1, which is not enough for many things, and also slower than directX. Still, my PC feels much faster now, and doesn't scream like a demon whenever I open up a browser :)
(Maybe I should dual boot Win7(While never connecting it to the web), just to play some more games with DirectX?)
Also, my local hospital has started using Ubuntu, their old PCs also couldn't handle the heavy burden of running Windows I guess 🤣
reshared this
Tech Cyborg reshared this.
like this
Get_Off_My_WLAN likes this.
I believe that VKD3D can give you directx support. Proton should be able to run most games these days, which is essentially a bundle of wine + vkd3d and other things. This is what valve created to run games on steam on linux/steamdeck. protondb.com/ shows what is able to run on it and it is most things that do not have some form of incompatible anticheat.
You might have more luck not using wine directly (if that is what you are doing) and using things like steam (you can add external games to it to run them in a proton context) or lutris or heroic games launcher.
When is this hardware from? 2010?
I have been using a 2013 MacBook Air recently that has Intel integrated graphics and have actually run a few Steam games in it. I also use a 2008 iMac but it actually has a dedicated GPU so that does not help with your hardware.
Even my old stuff has more than 4 MB of RAM though. That would be hassle these days.
I love running Linux on old kit. Way to go.
I really like Bottles. I also tried Lutris for Battlenet which worked really well.
I don't know all the differences between them though.
Here's an anecdote. Recently, I got a 14yo (I believe) MSI MS-AC73 AIO (i3-2120, 4GB DDR3, 120GB SSD), mostly to use as a 1080p display, but it had a free PC inside as a bonus. For shits and giggles I started installing different OSes on it. First was XP. finding drivers was a pain but doable, since the machine is old af. But no matter what I did, Intel GPU control panel didn't want to center 3:4 games properly.
Since it wasn't working so well, I decided to go the opposite side of the spectrum and install W11, to see how horrible it would be. After many hours of convincing W11 to install on this machine (which is surprisingly not Copilot+ compliant), I finally got it to boot with a local account, with all devices recognized (including the touch screen). MFW when it runs pretty decently all things considered. I went ahead and removed all the extra crap using CTT Debloater. Played a couple retro PC games, installed FF and watched some YT, which manages to run at 1080p without dropped frames.
Now, of course, I decided to dualboot Linux, cause duh. Picked the latest Manjaro (KDE), hoping it will handle games better in case I try anything (might be an uneducated choice). Install is much easier, of course, but everything also works out of the box. My disappointment when same FF massively drops frames on YT. Touch controls technically work, but it doesn't show the touch locations and other minor issues.
In the end, I mostly use the neutered W11 (too lazy to downgrade to W10), cause it plays videos much better and W95-98 games. But if somebody can tell me how to fix Linux video playback issues, that would be great, as I want to make it my Linux daily driver.
Now I have better context. Maybe I'll go with U.S.R.
usr did originally mean user and held user data.
Pretty sure this is a bacronym
usr does mean user. It was the place for user managed stuff originally. The home directory used to be a sub directory of the usr directory.
The meaning and purpose of unix directories has very organically evolved. Heck, it's still evolving. For example, the new .config directory in the home directory.
There's a little historical baggage, but look at Windows: multiple letters for drives, and all of the paths can be modified, so you have to ask Windows where any important directory is physically mapped (like SystemRoot or Documents or Temp or Roaming AppData or many others), because it doesn't have this nice consistent structure like Linux. Linux presents a logical layer and manages the physical location automatically. Windows makes you do the logical lookup yourself, but doesn't enforce it, so inexperienced programmers make assumptions and put stuff where the path usually is.
That's part of why logging in to Windows over a slow connection can take forever if you have a bunch of Electron apps installed: they've mismapped their temp/cache directory under the Roaming AppData, so it gets synched at every login, often GiB of data, and they refuse to fix it.
/mnt/elyssa and in every DE and distro I tried it appeared as a removable drive with the "eject" button. Right now I use Fedora with Gnome and if I install this extension or enable the removable drives option in Dash to Dock, it shows me that drive. Maybe some mount option in Gnome Disks, but since it's not that big of a problem, I haven't looked too much into it.
For example, the new .config directory in the home directory.
I hope slowly but surely no program will ever dump its config(s) as ~/.xyz.conf (or even worse in a program specific ~/.thisapp/;
The ~/.config/ scheme works as long as the programs don't repeat the bad way of dumping files as ~/.config/thisconfig.txt. (I'm looking at you kde folks..) A unique dir in .config directory should be mandatory.
If I ever need to shed some cruft accumulated over the years in ~/.config/ this would make it a lot easier.
permanently attached USB SSDs are supposed to be mounted
Just mount them somewhere under / device, so if a disk/mount fails the mounts depended on the path can´t also fail.
I keep my permanent mounts at /media/and I have a udev rule, that all auto mounted media goes there, so /mnt stays empty. A funny case is that my projects BTRFS sub-volume also is mounted this way, although it is technically on the same device.
It's not wrong, but it feels a bit like some tech articles you'll see which are obviously just created to fluff up a CV. I wouldn't say avyttring here is flat out wrong, just kinda... lacking.
But yeah, /boot holds "system boot loader files", sure, but that's a bit vague. It should contain your kernel and initramcpio and IIRC Grub also had its config here. That's pretty much it. I would've rather said /boot contains the kernel.
"device files" it's so vague that it's almost wrong IMO. At first glaze I would've thought that it means drivers rather than, say, "interfaces to devices"
I switched to Linux a few years ago and you are not wrong.
Windows is a nightmare with directory organization.
Saved games can go:
- My Documents/
- My Documents/Games
- My Documents/My Games
- /saved-games
c:/users/username/appdata/local/developer/game/engine/data3/saves/profile0/epe90_cats90-slot203.nonstandardfileformat
Would like an easy way to remember.
- mnt = mount
- opt = optional ?
- etc = etcetera ?
- proc = process ?
- srv = server ?
- var = variable ?
/srv stands probably for serve as in serving static files like static websites. (Source)
More information here: refspecs.linuxfoundation.org/F…
Or I guess technically some other standard could define it like the infographic, but the Filesystem Hierarchy Standard defines it as a secondary hierarchy specifically for user data.
like this
Aatube likes this.
It did, let me explain:
On the original (ie Thompson and Ritchie at Bell in 1969-71), I think it was a PDP-11, they installed to a 512kb hard disk.
As their "stuff" grew they needed to sprawl the OS to another drive, so they mounted it under /usr and threw OS components that didn't fit.
landley.net/writing/unixpaths.…
I've done the same, outgrew so you mount under a tree to keep going, it just never became a historical artifact.
Wow. Talk about ways to skin a cat.
I mount mine to /media using autofs.
I was, at one point, using /mnt but ran in to some situation that Proxmox didn't like that involved bind mounts (can't remember what) and shifted them all over to /media.
It meant user, as in user-installed programs and libraries for this system over the core system programs and libraries of the operating system in /bin and /lib.
Someone learned it wrong, but otherwise I think the image is right.
Danke!
This image shows how the system stores it's own stuff. Your junk will go in /home/mtchristo/whatever you want.
If you don't like that, you can do whatever you want. Linux will let you.
Think of it like in Windows where you have this structure.
That's an old image, though - Windows has a C:\Users\youruser setup like /home/youruser for a while now.
I find the %APPDATA% thing way less convenient than ~/.config and I'm quite happy when programs have the "bug" that they still use ~/.config on Windows.
You can just create partitions and mount them at whatever path you like.
Hell, you can do /c/not/sure/why/you/like/this/better/clownfarts_penis
When you run git-bash from an install of the git suite, that's a valid pathname.
Oh. Just on my system?
You can absolutely do this. You can mount partitions anywhere off of /
I have 5 drives in a system and I mount them as /storage1 through /storage5
Edit: Thank you, found it on your shared link ! 😄
Oh wow thank you ! Would it be to much to ask for a dark mode version? If there's a one hit button to change into a more eye friendly color mode :)
Either way, thank your for sharing your work :))
So where are programs installed?
I was playing with Linux the other day and installed something and was tearing my hair out trying to find where the exe or whatever was to launch the damn program.
None of the folders made any sense to me.
Toronto tenants fight rent increase, argue landlord is partially using it to cover redevelopment costs
Tenants of a Toronto apartment complex are fighting an application for an above-guideline increase to their rent, because nearly half of it is covering an environmental assessment that's typically used to help the landlord sell or redevelop the property.
The application was filed during the 2021 pandemic rent freeze for a 3.81 per cent AGI to cover roughly $647,000 in expenses from replacing a boiler, roof, paving and for "site remediation."
But according to records submitted in support of the application, it appears only about $26,800 of the $295,373.72 claimed for "site remediation" was spent on disposing contaminated soil found under the parking lot. That was in spite of an assessment finding that the soil wouldn't pose a health concern to residents, unless the property were redeveloped.
The remainder of expenses claimed as site remediation went toward the costs of a geo-environmental investigation and assessment of the site, according to engineering reports and invoices submitted with the application.
Erm technically that's the air pushing not the vacuum sucking 🤓
- Neil DeGrasse Tyson, probably
like this
ignirtoq likes this.
“massaging tartrazine solution into hairless mouse skin over the course of a few minutes or using microneedling achieves “complete optical transparency in the red region of the visible spectrum”
I know it didn’t happen this way but I like to believe it was someone having their unwashed dorito fingers after lunch, decided to massage a mouse for several minutes, and figuring this out
like this
NoneOfUrBusiness likes this.
like this
NoneOfUrBusiness likes this.
Doritos suck. Oh they might say HOT but what they really mean is: pussy ass chip.
I miss Paqie ghost pepper chips. Fucking Hersheys ....
“We strongly discourage attempting this on human skin, as the toxicology of dye molecules in humans, particularly when applied topically, has not been fully evaluated,” he tells Popular Science.
I feel like it's only a matter of time before this becomes a TikTok trend.
like this
PokyDokie and NoneOfUrBusiness like this.
I'd think a fracture big enough to be a problem would be immediately apparent, but if it's just a hairline, this probably isn't clear enough to show it...
OTOH, if you're around Portland, I know a super good podiatrist.
realtor.com/apartments/Portlan…
It can be done! Keep in mind too, I bet our wages are higher than TN too + no sales tax.
Wtaf, how are the prices in Portland better than in my little hick town in Tennessee? Jeeze
Just looked it up, and I'll make almost exactly 3 more dollars an hour, too. Honestly, this is worth genuinely considering
Ocean is about an hour away to the west, OTOH there's a giant volcano an hour to the east.
Bonus, Portland has a dormant volcano inside city limits:
Maybe not falling into the ocean, but does the idea of earth quakes, like "the big one" ever freak you out? I'd imagine I'd get used to little ones pretty quick, but the society-collapsing earthquake built up in my brain is very scary! Lol
Also, contacted my work and asked about transferring out there. We might actually be doing this!
PM me if you come out! I know a great podiatrist! We actually just saw him today!
Earthquakes are infrequent. I've felt a couple. More of a deal if you're at the coast because they have tsunami alarms. Feels like a big truck driving behind you.
Oh, and it's always "the coast", not "the beach". People don't really "go to the beach" like in California, LOL:
It's way, way too cold most of the year.
There are also dangers like sneaker logs. I love the coast and visit it when I can, but when you're a kid growing up here they always teach you "Don't turn your back to the ocean" because it has no pity and can and will straight up kill you.
weather.gov/safety/ripcurrent-…
"The coastline of Northern California, Oregon and Washington State are steep, tree lined, and have cold to frigid water temperatures. These beaches are quite unlike the flat, broad beaches of Southern California with their inviting warm water temperatures. The steep slopes of the Northwest’s coastlines are much more likely to cause sneaker waves; the trees that line the cliffs can wind up in the swift ocean currents running along the shoreline; while the cold to frigid temperatures, depending on the season, can induce cold water paralysis for anyone caught in these northwestern ocean waters.
While in Southern California people at the beach are in bathing suits or light summer clothes wading and swimming in warm waters with open beaches, in contrast in the North they wear heavier clothes, coats, shoes, and boots due to the cooler temperatures and in autumn and winter those waters are frigid. Encounters with the waves in Southern California, with its warm water temperatures and broad beaches, might simply knock a person over on the beach, but in the North the cold water temperatures could induce cold water paralysis rendering the individual helpless to escape the pull of the receding wave returning to the ocean.
Always respect the ocean on the beaches of the North Coast of California, Oregon, Washington with their steep, rugged tree lined coasts, and frigid ocean temperatures."
Tons of rivers and lakes, but you still have to be careful. Generally folks are out on the first hot day of the year and forget the water is still 50°. LOL.
There's this place called "High Rocks" and every year people are like "Well, start the clock until the first drowning..."
Things absorbed through the skin may be in a different state when they reach your bloodstream than things that are ingested. The process of digestion can break down a lot of things that would otherwise be harmful, but aren't similarly filtered when absorbed through the skin.
It's also why some medicines are taken by swallowing a pill, and some are taken by dissolving a tablet under your tongue.
like this
NoneOfUrBusiness likes this.
Some glow in the dark chemicals are called phosphors, and while they're named after phosphorus, they usually do not contain any phosphorus, zinc sulfide for example. These are the kinds of things you might find on a watch face or stickers or whatever that need to absorb light from some other source first.
To make it even more confusing, phosphorus isn't actually phosphorescent, its glow is from chemiluminescence, the result of a chemical reaction.
And for what it's worth, stuff that glows under a black light is fluorescent.
I don't think phosphorus has ever been used for glowing tattoos, and if it was I'm pretty sure no one is still using it. We're well outside of my realm of expertise, but it should also be considered that how a chemical enters your body can make a difference in how toxic it is too, there's a whole lot of chemistry at work in your body, and ingesting something and absorbing it through digestion isn't necessarily going to have the same effect as absorbing it through your skin, there's a reason different medications have to be taken oral, allowed to dissolve under your tongue, given as a suppository, intravenously, intramuscularly, subdermally, etc. that said, I'm pretty sure phosphorus is bad no matter how you put it into someone's body.
So, I skimmed the article and may have missed it. Why is this anything more that tinkering with and (maybe torturing) mice? What's the actual scientific value here? (Assuming invisibility potion wasn't an actual goal)
Perhaps medical dyes for imaging?
What's the actual scientific value here?
Transparent mice with multiple butts
Some of us can't be trusted with such power. I would personally use invisibility to switch items in people's coat pockets. Keys always in the left? Well now they're in the right pocket!
Total anarchy.
wait till you find out what redbull offers
the ultimate question: Flight or Invisibility ?
Why not both?
I'll just pound redbulls and doritos until I become a ghost. Shouldn't take long, I'd expect.
perhaps it’s worded that way for legal reasons? maybe if they flat out said it was non-toxic, and then it turned out that they were wrong, someone could sue them.
i am sure it’s the same sort of idea behind posting a video of someone committing a crime on camera, they use the word “allegedly”
dunno; not a lawyer
Yellow 5 is super common (in the US) for things that go inside our bodies. Doritos, Mt Dew, probably Red Bull. When we were kids there was a rumor that it would shrink your dick haha.
Read the ingredients on stuff the next few days and take note of how often you see it. It's probably why they chose it as one of the test substances. It's relatively safe to eat.
What is unknown is how dangerous it is to absorb large amounts into someone's skin.
It's like the illegal weed vape pen issue years ago. People would cut the product with vitamin e to thicken it and also make more money. Vitamin E is safe for human consumption. Turns out its vapor is terrible for lungs. It's quite unsafe for that kind of consumption.
[SOLVED: BAD LOGIN] Can't connect to WPA2-EAP on Fedora Kinoite
cross-posted from: lemmy.zip/post/22209812
EDIT: Turns out my login information was slightly wrong, and had nothing to do with security.My school uses EAP for its student WiFi, but there's no option for "EAP" security (PEAP, LEAP and every other option in KDE's WiFi security settings wouldn't connect). I'm pretty sure there was an option for EAP on Linux Lite (my previous OS before kinoite) which connected successfully. Is it possible to use EAP in Kinoite, and how do I enable/use it?
reshared this
Tech Cyborg reshared this.
EAP is a wrapper for a bunch of different protocols. EAP-MSCHAPv2, EAP-TLS, etc. If you have access to the network settings on a Windows machine you may be able to get more information there.
Also, try stack exchange: askubuntu.com/questions/279762…
You probably want Peap. I don't belieave you can't do EAP by itself. Go to your schools help page for the correct information.
Also since you are on Lemmy.zip, I do run a Linux question community !Linuxquestions@lemmy.zip
gibdos
in reply to petsoi • • •Yeah it's pretty awesome. My only gripe with it is the fact that it is super annoying when you want to send a client with your self-hosted urls to a customer.
You can either awkardly add it to the filename or you need to fork the client and build it yourself. Kind of sucks that the easier custom client function is stuck behind their subscription.
refalo
in reply to gibdos • • •smiletolerantly
in reply to refalo • • •refalo
in reply to smiletolerantly • • •souperk
in reply to petsoi • • •Possibly linux
in reply to souperk • • •Takahe
in reply to petsoi • • •refalo
in reply to Takahe • • •plasticcheese
in reply to petsoi • • •It freaked him out how easily I could get on and control his PC. I was impressed by the whole experience.
allywilson
in reply to petsoi • • •like this
timlyo likes this.
dethada
in reply to allywilson • • •like this
timlyo likes this.
BCsven
in reply to allywilson • • •GravitySpoiled
in reply to petsoi • • •Kazumara
Unknown parent • • •The server is used for hole punching, to open up a P2P connection thorugh NATs and Firewalls. If it doesn't work the server also relays the traffic between the clients.
Getting an end to end connection through todays internet is unfortunately not easy for an average user.
angel
in reply to petsoi • • •Rustdesk looks good on the outside, but if you look inside, it has a really bad codebase and has done some sketchy stuff in the past.
Last year, it installed custom root certificates as trusted on windows, which is a huge security risk: github.com/rustdesk/rustdesk/d…
On linux systems, it forced its own autostart with no option to disable this behavior: github.com/rustdesk/rustdesk/i…
In the past, when it didn’t have Wayland support yet, it edited your GDM config and just disabled wayland: github.com/rustdesk/rustdesk/b…
Furthermore, the code quality is really bad. 90% of the linux platform-dependant code is just executing shell commands and parsing their output, while the same could be achieved in a safe way with proper rust builtins: github.com/rustdesk/rustdesk/b…
While I agree that Rustdesk works pretty flawlessly, the codebase and the behavior of the developers made me distrust the software and I don’t recommend using it.
like this
KaRunChiy, timlyo and doc like this.
highduc
in reply to angel • • •boredsquirrel
in reply to angel • • •@petsoi@discuss.tchncs.de you might want to add that warning to the post.
They also tried to submit the app to Flathub, but had way too broad permissions with no explanation why. "Users expect filesystem access" etc. In the end it was rejected and they publish a .flatpak file themselves.
github.com/flathub/flathub/pul…
The other points are far worse though.
like this
timlyo likes this.
Karna
in reply to boredsquirrel • • •The whole discussion on that pull request is extremely sketchy, IMO.
haui
in reply to angel • • •Okayyyy… thats not great. I just read one of the threads and thats scary.
The person(s?) maintaining this seems to be VERY BAD at communicating. They did fix the auto start problem but did not at all discuss this from what I see. Thats not great.
Possibly linux
in reply to angel • • •To add on:
like this
timlyo likes this.
bluetoque
in reply to Possibly linux • • •Possibly linux
in reply to bluetoque • • •timbuck2themoon
in reply to Possibly linux • • •Possibly linux
in reply to timbuck2themoon • • •Fonzie!
in reply to Possibly linux • • •I don't see how that's a problem, it's not like it's by a Chinese run company or like the Chinese government is spying on you; in the case you described it'd just be a rando with a hobby/vision.
The fact that it keeps getting hosted in countries that have freedom problems, such as China and Russia, does concern me, though.
Possibly linux
in reply to Fonzie! • • •Fonzie!
in reply to Possibly linux • • •How do they make that illegal?
I can't find much on tech impeding laws online, whatever search terms I enter related to China and privacy just leads me to articles about their data protection law.
(edit: and their 2017 cybersecurity law)
Lettuce eat lettuce
in reply to angel • • •Really sad about this, because Rust Desk has been the absolute best remote access tool I've ever used in the IT world, and that includes many different professional tools like Ninja& Teamviewer.
It's so clean, easy to install and run, fast and low latency, handles multi-monitors great, runs on mobile, Linux, Windows, etc.
Such a shame that it is mired in controversy.
Psyhackological
in reply to angel • • •Wth is that, that is the most anti-idiomatic code I have ever seen
github.com/rustdesk/rustdesk/b…
I'm not an expert but this seems wrong.
angel
in reply to Psyhackological • • •dethada
Unknown parent • • •Rambomst
in reply to petsoi • • •philpo
in reply to Rambomst • • •And sadly MeshCentral is pretty much death development wise, isn't it? The main dev left Intel and now has not enough time for the project, wasn't that the story?
Edit: it seems to be developed again, much slower,though. But better than nothing.
Rambomst
in reply to philpo • • •philpo
in reply to Rambomst • • •I must actually revoke my statement,it seems like it is now being revived and is developed again, at a much slower pace,though.
But much better than nothing and at least security updates seem to be working.
Sorry for the misinformation, my bad, the different sources are quite misleading sometimes.
Catsrules
in reply to Rambomst • • •Have you tried changing the default view from Columns to List? IMO it makes the UI much better. Then you can add in a more details about each PC on the main view. Make is very useful if you have a lot of computers you are managing.
You can also switch from the left bar interface to top bar interface. That looks better to me. Also dark mode.
Rambomst
in reply to Catsrules • • •ColdWater
in reply to petsoi • • •haui
in reply to ColdWater • • •pop
in reply to petsoi • • •tired_n_bored
in reply to pop • • •Fonzie!
in reply to tired_n_bored • • •It's older than ChatGPT, but maybe this is true for their newer articles.
I also feel HowToGeek used to be great, now it's just affiliations and misinformation. Shame.
mariusafa
in reply to petsoi • • •Possibly linux
in reply to petsoi • • •DO NOT USE THIS
This is a massive security risk and they have had so much controversy. They also routinely delete Github issues and discussions that question them. To top it off they are likely Chinese run.
coolusername
in reply to Possibly linux • • •GlennicusM
in reply to coolusername • • •ReversalHatchery
in reply to GlennicusM • • •Possibly linux
in reply to coolusername • • •refalo
in reply to Possibly linux • • •Most confidently wrong statement I have read all year.
devfuuu
in reply to refalo • • •JustAnotherKay
in reply to devfuuu • • •As an american, the amount of people who refuse to accept that American Propaganda exists is staggering. I had an immediate reaction to seeing "China is good though" and I have no way of knowing if it's justified because I've been my told my entire life that China is an evil shithole by American propaganda.
To take it a step further and say "America doesn't have your best interest at heart" is deeply unsettling to the vast majority of Americans who blindly hand away their freedoms in the name of Freedom. Wait until people find out that our country is just like all the ones we're taught to hate
refalo
in reply to devfuuu • • •sunbeam60
in reply to refalo • • •Of course China uses encryption. So an obtuse, direct reading of that statement allows you, correctly, to say the commenter is wrong.
But what the commenter probably meant was “China bans the use of encryption that prevents the Chinese state from reading what is being exchanged” and that is confidently right. I’ve operated teams in China where we had a secret category 1 incident when it was discovered a couple of our devs had set up a VPN between a Chinese and a western service that didn’t go through the official Chinese-state controlled VPN services.
They absolutely do not want data they cannot read.
refalo
in reply to sunbeam60 • • •sunbeam60
in reply to refalo • • •lol. I AM the source. DM me with your LinkedIn handle, I’ll connect with you to validate my identity and you can tell anybody else watching that the story is legit. I don’t want to spill too many details in public as I don’t want to involve my old company in it.
And in terms of “state controlled VPN” services, it’s not that the Chinese state runs honeypot VPNs for companies (though they most definitely do for their own citizens), but that to have a license to operate a cloud service in China, you have to enforce CSL and that means they get private companies, western too, to do their bidding. If you encrypt data, you’ll get a stern call (as we did).
refalo
in reply to sunbeam60 • • •sunbeam60
in reply to refalo • • •ReversalHatchery
in reply to coolusername • • •refalo
in reply to Possibly linux • • •Possibly linux
in reply to refalo • • •refalo
in reply to Possibly linux • • •lime!
in reply to refalo • • •refalo
in reply to lime! • • •Eyck_of_denesle
in reply to lime! • • •lime!
in reply to Eyck_of_denesle • • •bastionntb
in reply to refalo • • •Possibly linux
in reply to refalo • • •news.ycombinator.com/item?id=3…
forum.tuxdigital.com/t/any-use…
reddit.com/r/selfhosted/commen…
lemmy.ml/post/12462223
As HN: RustDesk Installs Chinese Root Certificates | Hacker News
news.ycombinator.comBCsven
in reply to refalo • • •Jayb151
in reply to Possibly linux • • •refalo
in reply to Jayb151 • • •Jayb151
in reply to refalo • • •Possibly linux
in reply to Jayb151 • • •Maybe meshcentral?
It depends on what you are trying to do. You also could do something like Tailscale + TightVNC
Wispy2891
in reply to Possibly linux • • •Catsrules
in reply to Wispy2891 • • •Completely disagree. Meshcentral is amazing. I use it almost everyday. Sure it has some querks, and I am not a fan of the default layout but that is an easy change.
It is certainly not discontinued.
Yes Ylian (the developer) was laid off from Intel and later started working at Microsoft. But the project is still alive and well. (He owns the domain so he was able to keep the website alive. Another user (Si458) Has taken up alot of the development (30 commits this month ) and Ylian has also continued development although much less now he has a day job. (1 Commit this month)
The only thing that got discontinued was the publicly hosted server of MC. That was costing to much and it required to much maintenance now this became a side project. So you will need to self host it now.
Wispy2891
in reply to Catsrules • • •Catsrules
in reply to Wispy2891 • • •You can download everything here.
meshcentral.com/downloads.html
~~But to your point meshcentral.com (That is linked in the Github page give me a certificate error. Guess they need to fix that lol) But meshcentral.com (without the www) works.~~
Github page has been fixed!
Wispy2891
in reply to Catsrules • • •Yay everything is back
I wanted it to control the computers via Intel amt, but the official tools sucked. Went to download and they were removed: of course he had to be fired after multiple decades to make the shareholders happy
From that day i am boycotting Intel, you have customers that paid a premium for fucking Intel vpro and then you fire the guy who in his free time made an invaluable tool that increased your corporate sales???
Catsrules
in reply to Wispy2891 • • •XNX
in reply to Jayb151 • • •airikr
in reply to Jayb151 • • •HopToDesk. hoptodesk.com
It's a fork of RustDesk.
D_Air1
in reply to airikr • • •github.com/rustdesk/rustdesk/d…
warmaster
in reply to airikr • • •ikidd
in reply to warmaster • • •Possibly linux
in reply to airikr • • •dyc3
in reply to Jayb151 • • •Robust Mirror
in reply to Jayb151 • • •Cysioland
in reply to Possibly linux • • •ReversalHatchery
in reply to Possibly linux • • •PushButton
in reply to Possibly linux • • •What?
Rust doesn't solve all security issues in codebase?
People should take note of that; I surely did...
Karna
in reply to petsoi • • •ReversalHatchery
in reply to petsoi • • •I was hesitant to open this post because I already know about rustdesk, but eventually I did to see the community's opinion on it. I'm so glad that I did because this is terrible!
I think more people should hear about all of this
Ark-5
in reply to petsoi • • •biscuitswalrus
in reply to Ark-5 • • •I spent like 20 minutes self hosting and running over tailscale so traffic is always private... Never had an issue. I've got over 20 devices accessible on it.
Easy to remote register over ssh just by sending the installer plus running with server name plus key, then setting a static password.
I still think gaming wide moonlight is great though. You won't really regret that.
Ark-5
in reply to biscuitswalrus • • •Semperverus
in reply to dethada • • •setVeryLoud(true);
in reply to petsoi • • •