https://codeberg.org/konform-browser/gentoo

See also: Bug 1405971 + Bug 1717671

fix

deleted by creator

Unnecessary hostility. They can not and are not retroactively changing license on past contributions. The only thing affected is upstream future contributions. If nothing was lost, how can it be “theft”?

So can we take the code from up to about a mo the ago

Yes. As long as you also comply with license.

No mention if it is EME-Free (no DRM playback possible)

DRM/EME/WidevineCDM integration disabled by default. They can still be enabled via the usual preferences. They will also be fully enabled like in FF (including downloading and installation of trusted binaries) if user enables “Just Make it Work” preset.

Settings and prefs and bookmarks sync is a strong want from me, I just want to do so self-hosted, and not via Mozilla’s servers.

Konform Browser still supports enabling that and has UI to make configuring custom Sync- and Accounts server endpoints more straightforward.

Separately, profile import feature also supports other Firefox-based browsers as of recently.

Not like Apple cared to look at it when people reported it to them. So much for App Store safety.

https://news.ycombinator.com/item?id=47744660

You still need to use a privacy-centric browser

Check out Konform Browser. Least leaky one out there.

I think uBO does have that.

Open popup -> Ctrl-click ⏻

Hard to give good advice without knowing more where you’re @. Leaving out the human and organizational aspects, which might be at least as important:

It could do you well to “harden” your environment and take a hard look at the software you are already running, what it does, and how it got there. Try to remove rather than add. Reduce your surface-area and exposure. Consider what options you have to isolate and “lock down” what remains.

Cut out or replace any software that calls home. Isolate and sandbox things. Take a critical look at your supply-chain(s): Are you satisfied with your repos/registries/installation methods? How auditable are your services in reality? Can you improve on that? Are there things that should be mirrored and/or built from source? (BTW, reading the source of the stuff you use and rely on and building it is a good exercise in itself whether you end up relying on the output or not)

Get familiar with relevant monitoring and debugging tools for whatever you have. Learn how to verify and validate your assumptions of “what is going on”. This probably involves getting comfortable and intimate with traditional data-engineering processes and tooling.

This applies to everything: shared infrastructure “in the cloud”, IDE and browser on your local workstation, transitive dependencies of apps you are working on and their toolchains, etc.

Maybe you need/want to set up some mirrors and dedicated CI. Forgejo is one easy way to get started as it comes with a lot of the components you need in one package.

If not used to doing so already, force yourself to think from first principles. Take less things for granted. Practice active threat modeling. Think about trust. Audit yourselves.

The “Sec” part is more about processes, focus and mindset. What tools are important can vary widely depending on what you have to work with.

deleted by creator

Redditors have long been the best bullshit detectors, and increasingly great Turing testers.

🦾

@[email protected] you’re going too far with the reposting IMO and I urge to revalidate your entire approach.

This is a user question copy-pasted without their consent (and possibly even knowledge; they may not be getting notified of your reshare despite the @).

Others may overlook that the OP has no involvement in the post here and post answers that the OP never becomes aware of (since you gracefully remove links to the source post).

Besides, you’re literally incentivizing people to prefer posting on .ml in order to then be reshared by your accounts elsewhere. By rebroadcasting .ml content (especially when at a higher rate than other content), you’re introducing perverse incentives and cobra-effecting your whole anti-.ml-operation by driving posters to .ml. Even readers, when they end up browsing it from digging up the original sources for posts like this one.

There are other (I assume unintended) negative side-effects of what you are doing and they way you are doing it. You are single-handedly reshaping threadiverse but maybe not the way you intended or for the better…

You go first.

You are correct. Similar to how /etc/passwd used in all Linux distros has had mostly neglected “GECOS” field for full name and phone number for decades. I am yet to hear of SMS validation done against such phone numbers.

https://en.wikipedia.org/wiki/Gecos_field

Why not extend the GECOS field? I haven’t seen the conversation but assuming it has to do with access control. By putting it in passwd/shadow you’re limited by filesystem permissions on the whole file, meaning it becomes impossible or annoying to do selective disclosure to certain user/process without bolting some service similar to what systemd is doing on top.

Lots of references to discussion and alternative proposals are tracked by Kicksecure/Whonix: https://www.kicksecure.com/wiki/Age-api

No. This is the first time in ~a decade¹ I’ve felt anything resembling optimism about Manjaro. That maintainers are acknowledging the deep-rooted issues (resulting in the actual reasons people sneer at Manjaro) and forcing change is something that I think should be supported. Those conversations are necessary and have a higher chance of being healthy if the peanut gallery can hold off from turning spin on everything that smells like drama…

¹: About as long as it has been “imploding”

No. It may be worth to try on the side for fun or science though.

https://discuss.tchncs.de/post/56833541/24617984

https://discuss.tchncs.de/post/56833541/24617984

https://discuss.tchncs.de/post/56833541/24617984

https://discuss.tchncs.de/post/56833541/24617984