• 3 Posts
  • 496 Comments
Joined 4 years ago
Cake day: January 17th, 2022



  • So for the PineTime the most popular firmware is https://infinitime.io/ and by default you get

    • Watchfaces for telling the time
    • Steps (displays the number of steps of the day and the daily goal)
    • Heart rate (controls the heart rate sensor and displays the current heartbeat)
    • Music (controls the playback of the music on your phone)

    and the PineTime is relatively slick, large bezel, but frequently people told me, surprised if they knew me, that they thought I had an Apple watch, which was a brilliant moment to open up the discussion about open source, free software, open hardware.

    Meanwhile Watchy has e-ink and the 3D printed frame is very bulky. It’s definitely a lot more noticeable and I received few compliments for it. By default its firmware is https://github.com/sqfmi/Watchy and…

    • time (+ weather if connected to network, not mobile phone, via WiFi not BT)
    • Steps

    … and that’s about it. Honestly the Watchy ecosystem is a lot less lively than InfiniTime. Sure you get some different watchfaces but that’s about it in terms of popular customization AFAICT. Basically I’d only recommend it if you only want a watch for time and if you are adamant about e-ink.


  • Linux on desktop, self-hosting and GrapheneOS too.

    I have a few smart watches, namely PineTime and Watchy by SQFMI but… honestly I don’t wear them anymore simply because I try to be as minimalist as possible. In fact just yesterday afternoon I was wondering if I could do without GrapheneOS because I might actually NOT need a phone.

    So… what do you want out of a watch?

    I can recommend both but honestly it depends on your need.


    • Install anyway
    • daily drive
    • do a SeedVault backup on a USB stick

    then optionally, after a short while if you are convinced

    • buy a 2nd hand Pixel 8 (cheapest with longest support) or whatever matches your preferences, maybe by then even a Motorola with official support
    • bring your SeedVault backup back to the new device, including contacts, apps and data

    No matter what you do you will be “left behind” but at least you have time to learn something useful in the meantime then reassess.



  • I haven’t but I did build relatively large projects before (e.g. browsers) and basically it depends mostly on 2 things:

    • are you in a rush? If not just let it run over night, if you are then delegate it (if you can afford it and it matches your threat model) to a cloud provider (rent a couple of instances for however long you need, that’s where the hourly pricing matters)
    • is the build system properly set up for reproducibility, e.g. runs in a single container on AMD64? if so just start it and move on, otherwise be prepared for an indefinite amount of tinkering

    I think it’s interesting to do but honestly as someone else mentioned, builds are signed. In fact at the end of https://grapheneos.org/install/web#verified-boot-key-hash you get the verified boot hash. The goal is precisely to check that you actually get what you are supposed to have running. Basically the big picture of reproducible builds is that you do NOT have to do it and can STILL verify that you have exactly, up to a single bit, what you should have.
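The verification step the comment above describes, as an added example that is not part of the original post and not GrapheneOS's own tooling: a published checksum list (in the `sha256sum` output format) is parsed, a downloaded artifact is hashed and compared against the published digest in constant time, and two independently produced builds are compared byte-for-byte through their digests. All file names and artifact contents are constructed here for the example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an artifact, as lowercase hex (the form checksum files use)."""
    return hashlib.sha256(data).hexdigest()


def parse_sums(text: str) -> dict[str, str]:
    """Parse lines of the form '<hex digest>  <filename>' (sha256sum output).

    A leading '*' on the file name (sha256sum binary mode) is tolerated.
    Malformed lines raise instead of being silently skipped, so a truncated
    or tampered checksum file cannot pass as 'nothing to verify'.
    """
    sums: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        sums[name] = digest
    return sums


def verify_artifact(name: str, data: bytes, sums: dict[str, str]) -> bool:
    """True only if the artifact is listed and its digest matches exactly.

    hmac.compare_digest avoids leaking, through timing, how many leading
    characters of the digest matched.
    """
    expected = sums.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def reproducible(build_a: bytes, build_b: bytes) -> bool:
    """Two builds are reproducible when their outputs are bit-for-bit equal,
    which is exactly 'their digests are equal'."""
    return hmac.compare_digest(sha256_hex(build_a), sha256_hex(build_b))


def demo() -> dict[str, bool]:
    # Constructed sample data: a 'reference' release image, a checksum file
    # published alongside it, an intact download and a tampered one.
    reference_image = b"constructed firmware image, build id 1\n"
    published_sums = f"{sha256_hex(reference_image)}  release-image.img\n"
    sums = parse_sums(published_sums)

    intact_download = bytes(reference_image)
    tampered_download = reference_image + b"\x00"  # one extra byte is enough
    my_rebuild = bytes(reference_image)  # what a reproducible rebuild yields
    nondeterministic_rebuild = reference_image.replace(b"id 1", b"id 2")

    return {
        "intact_matches": verify_artifact("release-image.img", intact_download, sums),
        "tampered_matches": verify_artifact("release-image.img", tampered_download, sums),
        "unlisted_matches": verify_artifact("other.img", intact_download, sums),
        "rebuild_reproducible": reproducible(reference_image, my_rebuild),
        "nondeterministic_reproducible": reproducible(reference_image, nondeterministic_rebuild),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the last two checks is the one the comment makes: if someone else's independent rebuild hashes to the published digest, you gain the same assurance without building anything yourself, and a single differing byte (an embedded timestamp, a build id) is enough to break that equality, which is why reproducible build systems pin those inputs.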



  • I think that’s precisely what this is questioning: is this helping fund critical FOSS?

    What if a fraction of that money instead went to Signal infrastructure? Wikimedia? FSF which initially made GNU PG? FSFE? NLNet which supports Delta Chat? Sovereign Tech Fund? etc. rather than individuals?

    I don’t think anybody is criticizing that hard working people contributing to a good project are well paid. I believe the question is rather what’s the cost to OTHER projects when there is 1 project, not an umbrella project which funds others (again like NLNet or the Sovereign Tech Fund).

    What model are we reproducing and what’s the risk?

    FWIW the question isn’t new. It happens also with Mozilla with the compensation of its C-suite staff, not the “random” software engineer.





  • I have genuinely no idea how that could work.

    I believe I get the genuine intent (protecting children) but I have so far never encountered any device or software or both that didn’t relatively easily bypass user authentication.

    The closest I’ve tried are (expensive) XR headsets like the Apple Vision Pro or the Microsoft HoloLens, both thanks to eye tracking. Basically for these you have to validate you are who you claim to be when you put the headset on. If you remove it, put it back (or on someone else’s head) you have to do it again. Nobody else (unless you explicitly share) can then see what you are looking at.

    Every other device I’ve seen, including mobile phones with banking apps, typically asks you to authenticate then assumes that you are the one who keeps using the device. Meanwhile anybody else can grab the device from your hand and be “you”. Typically specific actions (e.g. password change) do require you to authenticate again but “normal” usage does not.


  • Also self-hosting is not trivial but it got way easier over the years IMHO thanks to Docker/Podman. Also I’d recommend investing time in it because… it will still be worth it in a decade!

    If you are up for it I could write a few “challenges” for you and see where it leads.


  • Check my post history if you want as I did post quite a few times about my journey there but basically:

    • used Android a long time ago
    • switched to iOS due to discussions with security experts at Mozilla
    • bought and used sporadically Linux proper phones (PinePhone and PinePhone Pro) with different distributions
    • tired of iOS restrictions as a developer, switched to /e/OS last year

    The main appeal of /e/OS for me wasn’t security or privacy but rather being able to purchase a phone with the OS installed. I wanted to buy a phone, put the SIM in and be pretty much done with it. I also wanted banking apps to keep on working. I bought the cheapest /e/OS phone namely https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ then and basically I’ve been using it daily since.

    A few clarifications that I believe are misunderstandings:

    • on security, yes /e/OS lags behind GrapheneOS for Android updates. If you are worried about 0-days because you are a political dissident you should probably NOT use /e/OS but get your setup reviewed by experts. You should definitely not trust random strangers on the Internet on that topic. It’s important to put an emphasis on the fact that even with the latest Android updates, a phone is still not entirely secure, it does not matter if it’s with Googled Android, GrapheneOS, iOS or whatever other OS. It’s only the least worst known state, in theory. It’s better to follow best practices but without being either naive or paranoid.
    • on privacy, /e/OS has some defaults you might not like but they are JUST that, namely default settings. If you do not want to use a Murena account, simply do not create one. That’s it. You won’t have any call to any API, even a proxied one like OpenAI. AFAICT this is also only for paid accounts so it can’t happen by mistake. Feel free to check my post/comment history on that. Again if your threat model is any information leak, it might be better to use GrapheneOS but if you are fine with just avoiding the downside of surveillance capitalism, IMHO /e/OS is good enough, namely you don’t share usage data with Google, even with default settings.





  • This will not be a fork of OpenRGB. While I plan to take a huge chunk of it (the reverse engineered device protocols)

    How about opening an issue on OpenRGB asking what you need and why, maybe it can be abstracted away, headless, and that architecture change could be useful for them and other projects too then?

    You can do that part yourself and let others use that new tool as their dependency but it means you’ll have to keep it up to date against OpenRGB itself as it supports more devices just because of its popularity.