Good. The more projects that move off of github, the better. It’s a dangerous dependency-sinkhole at this point, and has been for some time. De-centralize!

Well that could be considered the point where we lost our innocence, yeah. :(

Good point. On that note I am very happy having moved my home server from Apache to Caddy. The auto cert config is very nice.

More the latter :) … if only we could all just get along and be nicer to each other. Sigh.

Oh, definitely rose-coloured, but I am thinking even before those days… like when access to Usenet was restricted to colleges and universities, dial-up BBSes … and I didn’t use Windows or MacOS at all back then. ActiveX and js didn’t even exist back then. Boot-sector floppy viruses did, but those were easy to guard against.

Neat, saw this just after I posted to the thread. Gonna bookmark this!

I’ve heard Chromebooks are such a pain to put alternative OSes on due to their BIOs. Are there efforts to just reflash these things so they aren’t beholden to Alphabet? That would be the most libre-resistance move: “Un-Chrome” the device permanently.

Hmm as I was typing this I did a quick search: https://libreboot.org/docs/install/chromebooks.html

…but that’s only for ARM Chromebooks.

Oh, I’m really just pining for the days before the ‘Eternal September’, I suppose. We can’t go back, I know. :/

This seems like a good idea.

So what’s the floor here realistically, are they going to lower it to 30 days, then 14, then 2, then 1? Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?

It is ignoring the elephant in the room – the central root CA system. What if that is ever compromised?

Certificate pinning was a good idea IMO, giving end-users control over trust without these top-down mandated cert update schedules. Don’t get me wrong, LetsEncrypt has done and is doing a great service within the current infrastructure we have, but …

I kind of wish we could just partition the entire internet into the current “commercial public internet” and a new (old, redux) “hobbyist private internet” where we didn’t have to assume every single god-damned connection was a hostile entity. I miss the comraderie, the shared vibe, the trust. Yeah I’m old.

I have a script that watches apache or caddy logs for poison link hits and a set of bot user agents, adding IPs to an ipset blacklist, blocking with iptables. I should polish it up for others to try. My list of unique IPs is well over 10k in just a few days.

git repos seem to be real bait for these damn AI scrapers.

At some point we’ll just have to tunnel IP over DNS, and then they can’t block traffic without destroying the entire internet. Not that it’ll dissuade them.

This just shows that Valve/Steam is way too powerful in games distribution. Another example of over-centralization in our modern world. My initial thought of course was “just move to itch.io or something”, but they claim no one will give them investment funds to develop games unless they can be on Steam, which is just insane.

Yeah, hard pass. Don’t let an OS which has a walled-garden by default for apps get a toe in the door. Android is based in Linux, use that instead.

Yup I use it, when I must use Windows. So much better than the default, I sometimes forget I am using Win11.

I’m gonna be that “acktually…” guy for a sec here. Oil & gas (mostly) are not dinosaurs… the vast majority of petrochemicals are from compressed dead algae, plankton and plant matter long pre-dating the dinosaurs: https://www.chevron.com/newsroom/2024/q4/explainer-where-do-oil-and-gas-come-from

Ah. That’s nasty, what a pain.

Forgive me but what is intune? I did a quick search and just found some Microsoft endpoint protection thingie – there is mention of a Managed Google Play but I have no idea what that would mean.

I haven’t yet tried – planning to do that in the next day or so when I get the time.

Others already replied with promising results, I sure hope they work for me as well (Scotiabank in Canada is particularly annoying in this respect in my experience, with LineageOS I had to use Magisk and define stealth rules specifically for their banking app).

Edit: As for camera, I’ve only tried the GrapheneOS builtin/default camera app. It’s pretty basic, but I should see if I can get the Pixel9 official camera app on there, it would be nicer to use if possible but the basic one is probably good enough for my purposes.

I took the jump and installed GrapheneOS on my Pixel 9 this weekend. Easiest alternate OS load I’ve ever done, didn’t even need to see a command line. (I’ve put LineageOS on many a phone and GrapheneOS’s web-based installer is amazing).

Loving it so far. I have three profiles, the main ‘Owner’ with NO google services/app store at all; and two more ‘Personal’ and ‘Work’ profiles that have Google stuff that I alone chose to install.

Amazingly GrapheneOS even lets you deny Google App Store itself permissions to install from untrusted sources (in this case, Google App Store itself) – I was suprised to see installing just App Store triggered attempts to then load: My Pixel, Google Photos, Fitbit(!!? WTF), and a few others, without any confirmation first. Was able to shut that shit down immediately. (I had never, ever installed Fitbit on my previous phones, so there’s no excuse to install it “from my previous device” or whatever…)

I hope GrapheneOS spreads to other phone models. And I’m sure Google has a team planning on how to strangle it before it does…