The 503 errors on lemm.ee have stopped now, but yeah they were preventing it from loading anything.

Thanks for making it free software! And also thanks for using Tauri instead of Electron for the desktop apps :)

It’s not yet fit to protect from malicious apps, but it still finds some use.

That it is "not yet fit to protect from malicious apps" is an important point which I think many people are not aware of.

This makes sandboxing something of a mixed bag; it is nice that it protects against some types of incompetent packages, and adds another barrier which attackers exploiting vulnerabilities might need to bypass, but on the other hand it creates a dangerous false sense of security today because, despite the fact that it is still relatively easy to circumvent, it it makes people feel safer (and thus more likely to) than they would be otherwise when installing possibly-malicious apps packaged by random people.

I think (and hope) it is much harder to get a malicious program included in most major distros' main package repos than it is to break out of bubblewrap given the permissions of an average package of flathub.

Downsides of distro pacakges:

• someone needs to package an application for each distro
• applications often need to maintain support for multiple versions of some of their dependencies to be able to continue to work on multiple distros
• users of different distros use different versions of the application, creating more support work for upstream
• users of some distros can't use the application at all because there is no package
• adding 3rd party package repos is dangerous; every package effectively gets root access, and in many cases every repo has the ability to replace any distro-provided package by including one with a higher version number. 3rd party repos bring the possibility of breaking your system through malice or incompetence.

Downsides of flatpak:

• application maintainers are responsible for shipping and updating their dependencies, and may be less competent at doing timely security updates than distro security teams
• more disk space is used by applications potentially bringing their own copies of the same dependencies

🤔

there is some interesting discussion of the problem and possible solutions (including links to github issues) in this blog post: https://popcar.bearblog.dev/lemmy-needs-to-fix-its-community-separation-problem/

https://digdeeper.club/articles/browsers.xhtml has a somewhat comprehensive analysis of a dozen of the browsers you might consider, illuminating depressing (and sometimes surprising) privacy problems with literally all of them.

In the end it absurdly recommends something which forked from Firefox a very long time ago, which is obviously not a reasonable choice from a security standpoint. I don't have a good recommendation, but I definitely don't agree with that article's conclusion: privacy features are pointless if your browser is trivially vulnerable to exploits for a plethora of old bugs, which will inevitably be the case for a volunteer-run project that diverged from Firefox a long time ago and thus cannot benefit from Mozilla's security fixes in each new release.

However, despite its ridiculous conclusion, that page's analysis could still be helpful when you're deciding which of the terrible options to pick.

i haven't tried it yet but https://offpunk.net/ looks interesting

I remember years ago reading about how the GEGL backend would one day enable some "non-destructive editing" features; I just decided to figure out how that works and I see it was sort-of implemented a long time ago but in 3.0 the UI is much better: many things under the Filter menu now have a Merge filter checkbox in their dialog. When that box is unchecked, then applying the filter will make it a (non-destructive!) layer effect and an fx icon will appear for the layer (in the dockable layers dialog, which you can reach with ctrl-L if it isn't visible). You can apply any number of layer effects, and when you click the fx icon you can reorder them or modify their settings. Very cool!

Another tip (not new to 3.0): you can type / to open the Search actions window, which lets you quickly find various functionality without needing to dig through menus to figure out where something is :)

If you want to try a 3.0 release candidate before it is released, it's easy to install it from the flathub-beta repo as described here. (That page is embarrassingly out of date and says "The current development release of GIMP is 2.99.6 (2021-04-26)" but if you follow the instructions there you'll currently get version 3.0.0~rc3 which is the latest release candidate from earlier this month.)

https://kernel.org/pub/linux/kernel/SillySounds/english.ogg (from back when many english speakers were still insistent that the i in Linux should be pronounced "eye")

I'm confused as to why this 404media story neglected to link to the post in question.

to get from this article to the post that it is about, i had to type in the bsky username from the screenshot and scroll through the timeline. to save others the effort:

https://bsky.app/profile/marisakabas.bsky.social/post/3liwlwvvq6k2s is the post which was removed.

https://bsky.app/profile/marisakabas.bsky.social/post/3lj3yrzc6is2p is the thread about it being removed and later restored.

why past tense?

They switched to bash in 2003 with Mac OS X 10.3; before that it was tcsh.

this meme has some truth in it, in that these six vegetables are all brassica oleracea. but, the factoid in the center of the meme is misleading: brassica oleracea can be many things but (despite brassicaceae being "the mustard and cabbage family") brassica oleracea is not typically called "wild mustard plant".

edit: toned down my refutation; i guess maybe it is sometimes 👀 but i think not really

I think it’s healthy for the fediverse to have similar communities on different instances, because if we centralize, it basically becomes reddit, which means moderation and censorship are at the whims of whoever owns the only place people go.

💯

See also this blog post discussing this issue and some of the proposed improvements: https://popcar.bearblog.dev/lemmy-needs-to-fix-its-community-separation-problem/

I like their proposed solution #3, but it is somewhat hampered by the DNS-centric model of ActivityPub. I hope that one day something like this proof-of-concept of making AP content-addresable (which i found via this post about "How decentralized is Bluesky really?") will be widely adopted and make instances less important.

But even without such a major change as moving to content addressability, that blog's proposed solution #3 (simply letting communities "follow" other communities) would let readers pick which moderation they like without posters needing to manually cross post to reach everyone: If communities A and B could mutually follow eachother, posts would by default appear on both but could be independently removed from either. 🤔

Good question.

I see that the file served from https://packages.mozilla.org/apt/repo-signing-key.gpg is the same as the file at https://packages.cloud.google.com/apt/doc/apt-key.gpg

Apparently Mozilla outsources the operation of the Firefox APT repo to the Google Cloud "Artifact Registry" service 😦

A lot of people commenting on this seem to have gaps in their knowledge of what happened

We're in a Linus-email-🍿-thread, so that kind of goes without saying doesn't it? 😂

What does glazer mean in this context? (English is my fourth language)

English is my first language and I also wondered. The definition in the other reply to you was only added to wiktionary last year. According to know your meme, it became popular on TikTok in 2023 and allegedly originated on discord in November 2021.

(wiktionary also has another definition which I've also never heard of before which has been there since 2007 with no quotations or other evidence of actual use...)

I tried giving them some other species

👍

would you recommend that book for learning regular expressions as a non CS guy?

Absolutely, it's an excellent book which I highly recommend.

The latest edition (3rd) is almost 20 years old, but I don't think regex has actually changed substantially since then so it should still be very useful. (I read the 2nd edition cover-to-cover and enjoyed it enough that I bought the 3rd when it was released 😀)

If you're going to buy a physical copy from amazon you should use the author's link here to give him slightly more money for it. But if you just want a PDF I see one is available here.