Someone hasn’t watched many gore videos

What’s wrong with the Arch workbench in FreeCAD?

DuoLingo

rclone with backblaze b2.Goodl luck finding a cheaper solution that’s actually durable.

Well, for one, you can sue someone until they run out of money

Go to Plugins. Enable “OpenStreetMaps Editing” and login.

Now just long-tap anywhere on the map and choose Actions -> Create POI

I add stuff in OSMAnd. But StreetComplete is easier for, err, completing data on what’s already there.

Wait till you learn about ask Jeeves

https://ddg.gg

Pick 4 NGOs per year. Donate 10% of income at the end of the year to them evenly.

Next year pick another 4 NGOs that you think did great work that year.

Encryption?

That’s not users of flstpak, that’s developers. This applies to developers uploading to flstpak. There isnot security for end-users downloading from flatpaks.

I’m not calling you names, I’m calling you out on misinformation. There is such a thing as facts, and it’s important that we don’t misconstrue them.

Optional signing of commits in git is not the same thing as mandatory signing of all packages.

Fact: If I download software with apt in Debian, It’s 100% going to verify the cryptographic authenticity of that package. If the signature doesn’t match, it won’t proceed with the install (unless I choose to override the warning).

Fact: If I download software with flatpak, it may download maliciously modified software and install it without verifying its authenticity.

I’m not aware of any way to configure flatpak to force it to verify the signature of releases between download & install (so if the signature is unavailable or invalid, it does not install the software). Again, flatpak is not a safe way to download software, and I don’t think it’s possible to configure it to be safe.

If I’m the one spreading misinformation, then show me the documentation from flatpak that indicates that all packages are verified by their PGP key after download.

I think it’s a fairly reasonable expectation that a software repo won’t download malicious software. Flatpak doesn’t do that.

This is misinformation. Flatpaks are far less secure than installing from apt. All packages installed from apt are cryptographically signed. This isn’t the case with flatpaks.

Cryptographic signatures of releases are not required for all packages in flatpaks. They are for packages installed in apt.

Ah, if it’s only available on flatpaks, that’s why few people know about it.

Flatpak is a very insecure method to download software BTW, you probably should avoid it

Edit: It’s curious that I’m getting downvoted for stating a fact. It seems a lot of flatpak users don’t understand security. But that’s kinda the point: even the flatpak developers don’t understand the difference between integrity and authenticity

• https://github.com/flatpak/flatpak-builder/issues/435

Flatpak currently does not provide authenticity, and one developer made it clear that he doesn’t understand why that matters in the above ticket that requested signatures of packages back in 2016. It’s been 7 years and still they haven’t fixed this. I don’t think the flatpak team understands or cares about security.

How is this better than zim? Is this in the Debian repos?

Isn’t XMPP an open-source slack Alternative? Also Matrix?

Hipchat is XMPP. I used to connect to it in Pidgin.

I like XMPP and OTR is nice, but we need double-ratchet for secure communications and sync with multiple devices.