Signed developer certificates protect you from MITM attacks, it does not protect you from the sources themselves being compromised.

Very true, and that’s why f-droid building from source can only guarantee the apk matches the source, but you still need to trust someone else (or yourself) to study the source and confirm nothing shady is going on, which of course isn’t something most people would do for any open source app they install.

Still, for “high profile” cases it just take one (independent) person to go through the source and publish their findings.

Yes, I understand the situation is shady and f-droid maybe didn’t handle it the best way on a human level, and that is important when evaluating trustworthiness.

What I was focusing on was more on the technical side: As long as I can:

• trust f-droid to actually build from source and only publish something guaranteed to match the source, and
• read the source code myself, or trust an independent researcher to study it, and confirm there’s no malware,

then I don’t need to trust the maintainer of the project at all, and I can ignore all the drama, being assured with a high degree of certainty there is no malware

I can also ignore any drama involving f-droid as long as I still trust them to build from source. This can also be verified by independent researchers by buulding themselves ans comparing, once again filtering out the drama and noise, though most people probably won’t go this far.

I don’t use syncthing (anymore) and didn’t know the story behind this, but one thing I know is, f-droid builds the apk from source and signs it with their keys, or if reproducible builds are available, it verifies the signed apk provided by the maintainer to match bit-for-bit with the source code, so at least even if one doesn’t trust the new maintainer, they should be able to trust f-droid that the apk matches the source, so e.g. no spyware or malware was added for example. Sure, someone still needs to review the source, of course.

Can it survive a pair of scissors?

Apparently it’s not. From the link (which I’m not to afraid to click, I guess): Google is rolling out one of the most significant changes in Gmail’s history: users can now change their primary @gmail.com address without creating an entirely new Google account. The feature, unavailable for over 20 years, is being introduced gradually.

Of course, I’d also like to see that from a more reputable source as well, or from the horse’s mouth.

Edit: Forbes’ link: https://www.forbes.com/sites/zakdoffman/2026/01/18/googles-gmail-decision-why-you-need-a-new-email-address-now/

The raspberrypi was originally marketed as a linux pc, and that’s why it had full size usb A ports, Ethernet, hdmi etc. so you could connect mouse, keyboard, a monitor and network.

People eventually figured it’s very useful as a board to make other things like IoT, robots and other hobby (and professional) projects.

Doesn’t look much smaller than a raspberrypi either…

For all of you that downvoted because “AI”, let’s be clear, this guy does all the processing locally, not in the cloud, so it’s a privacy friendly option:

Tiiny AI does all of its AI processing right on the device. Nothing leaves this mini supercomputer. If you’re privacy-minded and don’t want all of your data uploaded to the cloud or just don’t want to pay for any more subscriptions, an AI computer is what you want.

I’m actually quite interested in this. I hate when AI is shoved down my throat, or if it runs in “the cloud” out of my control, but this would be fully under my control.

My only concern is whether I can run my own OS (i.e. linux) or if I’m locked to theirs.

You’re not alone in hating Christmas, though for me it’s different: it’s the stress of having to celebrate, be happy, and get people presents. I don’t want to be forced to or pretend to be happy, I have nothing to celebrate, and if I want to give someone a present I don’t need to wait for Christmas (and if I don’t want to give a present, I shouldn’t be required to).

Basically, Christmas is just another way to make people spent a lot of money with the pretense of it being “the happiest time of the year” (for someone else).

I had the right not to be happy, don’t mandate that I should be happy during Christmas.

Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.

With that said, I don’t believe their claim that it’s impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can’t send a different file to just one user. That’s true, but thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

I trust them not to do it, for many reasons, but technically they could. I also don’t think they’d do it to Louis, despite the beef they have with him.

Sure, but the problem is the ecosystem of alternatives stores effectively collapsing or falling under Google’s control. That will affect everybody who uses them, whether on GrapheneOS, LineageOS or certified devices.

As many people here are saying, you don’t owe them anything and shouldn’t be ineligible for rehire for giving them the stardard 2 weeks notice, but if you care about your coworker and your manager on a personal level, e.g. because they are good people, maybe even friends, then sure, go ahead and offer to be accomodating, within reason. Being kind, while not required, is likely appreciated, but do it cause you care about them, not about your rehire eligibility (which, once again, shouldn’t be an issue here).

Well, clearly as others said, it’s the economy of scale: making large quantities of the same thing is cheaper than making small runs or one offs, and spare parts don’t sell as much, if an item is designed well (i.e. doesn’t break immediately).

But, I want to add something important IMHO: buying new because is cheaper isn’t really the problem, the problem is the waste it generates, and when we throw away (or hoard…) something, neither we nor the company that made the item pays for the cost of disposal. In fact, in many cases, the cost will be paid by society as a whole, sometimes by future generations. This is why it appears cheaper to buy new, but really, there’s a hidden cost that individuals and companies don’t directly pay.

If we could, somehow, make a company pay for the disposal of all the waste their products create, I tell you, repairing would be a lot more common.

So, China made their own copycat RoboCup competition?

It’s mostly true, but not true often enough that makes it worth to buy cheap (and possibly twice), hoping for the lucky inexpensive quality item, then to buy nice, hoping you won’t have to buy it twice anyway cause it was just overpriced.

Also agree on what others suggested: buy cheap first, then if it breaks, buy quality.

You’re entering a world of pain

I believe the point is, once some data is publicly available, even if you try to delete it, you can never be sure all copies are truly gone. Like you said, maybe it lives on somebody’s hard drive, maybe some other user managed to scrape it for their own personal use, maybe they screenshotted the most compromising posts, etc. You can never be sure it’s gone.

I guess what they’re saying is, even though it’s “not supported” officially, you can still try and there’s good chances it’ll work anyway. If you need or prefer to stick to a supported configuration, it seems your options are either to switch to podman and figure out nextcloud, or switch away from RHEL.

I don’t think a macbook can fit in my pocket … and I don’t think the (virtual) keyboard on an iphone is a “manufactured restriction” compared to a macbook

Interesting, never heard of it before but looks promising, I should try it. I don’t care much for AI features, but I’m not against it either, especially if I can use locally hosted models, and it seems Zed supports ollama natively, so that fits the bill.

Coming from vscode, one of the features I use a lot is devcontainers, does Zed support something similar?