• 1 Post
  • 21 Comments
Joined 1 year ago
Cake day: August 10th, 2023
  • moonpiedumplings@programming.devtoPrivacy@lemmy.mlThe Best Encrypted Messengers in 2024
    1·
    4 days ago

    Anyway the centralized nature of Revolt Chat makes it no very appealing for me.

    I agree with this. I will probably stick with either matrix or xmpp due, to their federated nature, and strong E2EE. Matrix is a better discord replacement, as it has more features, is more standardized, has a better web client, and has “spaces”, which are somewhat analogous to discord servers.

    Xmpp however, is much more lightweight on both servers and clients than matrix, and it’s E2EE works more reliably (none of that "failed to decrypt nonsense), and makes a better E2EE messenger.

  • moonpiedumplings@programming.devtoLinux@lemmy.mlAny sketch pad with FOSS drivers/firmware?
    11·
    13 days ago

    https://wiki.archlinux.org/title/Graphics_tablet

    The Arch Linux kernels include drivers by the linux-wacom and DIGImend projects. linuMLx-wacom supports Wacom devices, while DIGImend supports devices from other manufacturers. Both projects publish a list of supported devices: linux-wacom, DIGImend

    Due to how many devices are supported, your best bet is to simply go to your nearest store that sells them and then checking if Linux supports it against those two lists, which there is an extremely high chance it does.

    Then you should also check reviews, to make sure you get a good one.

    I have a Wacom Intuos CTL-4100WL, and it’s served me well for math notes using Xournal++ (app for handwritten notetaking), but I truly have no idea how good it is for actual drawing related applications, as I don’t do it for that at all.

  • moonpiedumplings@programming.devtoFree and Open Source Software@beehaw.orgDrew DeVault on the biggest threats to FOSS and some proposed solutionsEnglish
    2·
    1 month ago

    Why is SSPL not considered FOSS while other restrictive licenses like AGPL and GPL v3 are?

    So I have an answer for this. Basically all of the entities listed that relicensed their projects to the SSPL, also relicensed their projects using the dual licensing scheme, including one proprietary license. That’s important later.

    The SSPL’s intent is probably that the deployment framework used to open source this software must be open sourced. I like this intent, and I would consider it Free/Libre Software, but it should be noted that another license, the open watcom license, which requires you to open source software if you simply deploy it, is not considered Free Software by the FSF. I don’t really understand this decision. I don’t count “must share source code used” as a restriction on usage cases. It seems that the FSF only cares about user freedom, whoever is using the software, and views being forced to open source code only used privately as a restriction.

    Now, IANAL… but the SSPL’s lettering is problematic. What is part of the deployment system? If I deploy software on Windows, am I forced to open source windows? If I deploy it on a server with intel management engine, am I forced to open source that? Due to the way it is worded, the SSPL is unusable.

    And a dual license, one proprietary and one unusable means only one license — proprietary. There’s actually a possibility that this is intentional, and that the intent of the SSPL was never to be usable, but rather so that these companies could pretend they are still Open Source while going fully proprietary.

    But, for the sake of discussion, let’s assume the SSPL’s intent was benevolent but misguided, and that it’s intent was not to be unusable, but rather to force companies to open source deployment platforms.

    Of course, the OSI went and wrote an article about how the SSPL is not an open source license but that’s all BS. All you need to do is take a look at who sponsors the OSI (Amazon, Google, other big SAAS providers) to realize that the OSI is just protecting their corporate interests, who are terrified of an SSPL license that actually works, so they seek to misrepresent the intent of the SSPL license as too restrictive for Open Source — which is false. Being forced to open source your deployment platform still allows you to use the code in any way you desire — you just have to open source your deployment platform.

    Is there some hypothetical lesser version of SSPL that still captures the essence of it while still being more restrictive than AGPL that would prevent exploitation by SaaS providers?

    AGPL. There’s also Open Watcom, but it’s not considered a Free Software license by the FSF, meaning software written under that wouldn’t be included in any major Linux distros.

    I think in theory you could make an SSPL that works. But SSPL ain’t it.

    Of course, there are problems with designing an SSPL that works, of course. Like, if you make it so that you don’t have to open source proprietary code by other vendors, then what if companies split themselves up and one company makes and “sells” the proprietary programs to another.

  • moonpiedumplings@programming.devtoFree and Open Source Software@beehaw.orgWhy FOSS projects are using proprietary, privacy invasive infrastructure?
    1·
    3 months ago

    Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,

    Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn’t bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.

    So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you dob’t even need to make an account.

    And it’s not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.

  • moonpiedumplings@programming.devtoNix / NixOS@programming.devNixOS As a replacement for active directory?English
    0·
    5 months ago

    The person telling you to “learn what AD is” is kinda a douche, but they aren’t wrong.

    AD is mainly 3 components in one:

    • Configuration management across a variety of machines
    • Shared logins
    • Shared user data across many machines

    All of these are doable on Linux. In many ways. Many, many ways. That you have to set up yourself.

    For configuration management, do you want ansible, puppet, chef, nix, etc?

    For shared logins, do you want openldap, lldap, Red Hat’s ldap, etc?

    For shared user data, do you want nfs, systemd-homed, or something else?

    And for all of those, you have to evaluate, maybe test, and then select a solution, and then set it up yourself in a resilient manner.

    Nixos, as a server distro, can host the relevant services needed for this. As a desktop distro, it can also do configuration management. But that’s missing the point of AD, in my opinion.

    The point of AD, and how it managed to become so popular, is that it is all of those, in an all-in-one solution that is simple to use (joining Windows machines to a domain is trivial), and it also comes with paid support.

    Even if you were to build your own alternative on Nixos, which would be a lot of tinkering and twiddling, then you would end up with some of the same core features, but you would have to maintain, secure, etc, it yourself, and not having to do those to such an extent is why people buy Active Directory. There would be no alternative to things like Group Policy, instead you would be writing your own nix code.

    So yeah. Unless someone comes along and builds an all-in-one solution on top of Nixos, nixos isn’t really an alternative to active directory. You can replicate the core features. But it’s not an alternative.

  • moonpiedumplings@programming.devtoSelfhosted@lemmy.worldPSA: Docker nukes your firewall rules and replaces them with its own.English
    0·
    5 months ago

    Dockers manipulation of nftables is pretty well defined in their documentation

    Documentation people don’t read. People expect, that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.

    As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.

    Too bad people don’t read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver’s webtop, because it’s an example of the two of the worst footguns in docker in one

    To include the rest of my comment that I linked to:

    Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?

    No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.

    On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.

    You originally stated:

    I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

    And I’m trying to say that even if that was true, it would still be better than a footgun where people expose stuff that’s not supposed to be exposed.

    But that isn’t the case for podman. A quick look through the github issues for podman, and I don’t see it inundated with newbies asking “how to expose services?” because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.

    (I don’t have anything against you, I just really hate the way docker does things.)

  • moonpiedumplings@programming.devtoSelfhosted@lemmy.worldPSA: Docker nukes your firewall rules and replaces them with its own.English
    0·
    5 months ago

    Yes it is a security risk, but if you don’t have all ports forwarded, someone would still have to breach your internal network IIRC, so you would have many many more problems than docker.

    I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

    My problem with this, is that when running a public facing server, this ends up with people exposing containers that really, really shouldn’t be exposed.

    Excerpt from another comment of mine:

    It’s only docker where you have to deal with something like this:

    ---
services:
  webtop:
    image: lscr.io/linuxserver/webtop:latest
    container_name: webtop
    security_opt:
      - seccomp:unconfined #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ #optional
      - TITLE=Webtop #optional
    volumes:
      - /path/to/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 3001:3001
    restart: unless-stopped

    Originally from here, edited for brevity.

    Resulting in exposed services. Feel free to look at shodan or zoomeye, internet connected search engines, for exposed versions of this service. This service is highly dangerous to expose, as it gives people an in to your system via the docker socket.