No

Crazy, its completely new code? I thought it was a fork.

That makes it pretty impressive

On KDE Plasma theming and Cursors work with Flatpaks normally

“Let me my freedom”

And then there is OnlyOffice which also just uses Libreoffice and develops a minimalist web UI and sync features.

Why not join efforts?

Sorry, “maximized”. I may need to edit some things.

Extend it to the edge of the window. The panel is above the window, no issue here

Yes I thought about that exact argument. They oversize their panels on purpose, there is tons of other space to click on, which is also way less risky, that next to the close button.

And this expansion is about all decoration buttons of course.

Yes, “just buy new hardware” is not a solution.

But dont let some news fool ya. NVIDIA already won the AI race, so their “new open source driver” will only benefit their newly sold products

Yes, “because one of their council is leftist pro censorship”

Like this crap

True, if I use bottles Flatpak as a GTK wayland app, the actual apps still use XWayland.

Not using any Wine apps though.

Funny. True, on superstable but also super unstable systems, having separated apps makes most sense.

Not actually on “immutable” rpm-ostree systems, as these have the best and most solid package management.

So actually when people say “these immutable systems, you just use Flatpaks”, actually on the regular systems you should mainly use Flatpaks.

Crazyy!

Btw I am XWayland free since today!

I have a list of recommended apps here

Some apps need environment variables:

Qt:

• qpwgraph

GTK

• GPU Screen recorder, I guess

Electron

• Nextcloud Flatpak
• MullvadVPN RPM
• Signal Flatpak
• (Element, I switched to the Webapp in Librewolf)
• Freetube Flatpak

You can use xlsclients -l to detect apps using XWayland.

Some may even want to run apps through XWayland on purpose, like KeepassXC for Clipboard access or autotype. Lets see how long it takes to implement all the needed protocols.

You got me in the first part XD

No joking, apart from that

But since apparently PulseAudio is the GNome / Microsoft approved way

I think I understand your point.

Pulseaudio is outdated, Pipewire AND Pulseaudio are now needed. Maybe also just Pipewire, and you can somehow fake Pulseaudio?

I never used a system without Pulseaudio, and Fedora has both (?) Or just Pipewire.

Pulseaudio is the old stuff that apps want to use, pipewire is the new cool stuff (I recommend qpwgraph) which allows like everything.

Aaand it is not overcomplicated, it isolated apps and introduces a permission system. Privileged programs that channel the requests and permissions, and sometimes need user interaction. Its actually less chaotic, the problem simply is that Flatpak ALSO tries to run all apps everywhere. And apps are mostly not up to date, so Flatpaks have randomly poked holes everywhere.

Today I worked on hardening configs for my apps. I maintain a list of recommended ones here. I will just put my overrides in my (currently still private) dotfiles, will upload them some day.

I am for example now Wayland only. Not all apps want to, but with the correct env vars (which I just globally set for all flatpaks, hoping it will not mess with anything), all apps use it.

This makes the system way faster, and applying different vars on the apps is very easy with Flatpak.

Literally no downsides!

Not true. It still has no updating mechanism, the binary may be official, but the rest are random libraries that may not be well versioned or controlled, etc etc.

The post is specifically about upstream supported Appimages, while Flathub is mainly maintained by the same 4 peolple (it is crazy). The request is for upstream devs to maintain Flatpaks.

But for sure not everything is nice. Runtimes are too huge, outdated apps cause huge library garbage, downloads are inefficient, …

https://grapheneos.org/features#grapheneos

Not sure but GrapheneOS has an “LTE only” mode, stock Android only has preferred Network afaik.

visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.

of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.

I dont know what magisk did, but I think that is only about Google Play adding their “safety” scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.

Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.

For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.

Yes that is one definition.

But what if you get it back? Or if you just keep it?

There is a chance that you have Pegasus on there, and I wouldnt want a phone without the detection of this.

GrapheneOS can likely detect pegasus with their Attestation and if you have it, use an external device to reflash it.

Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

Sandboxing, javascript

Vanadium has sandboxing but its javascript blocking is useless (no granular control)

Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

it’s a walk in the park for it to modify any of the partitions

These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.

If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.

Reading data has nothing to do with that. They likely can, but that doesnt matter.

My 6 years old phone still receives LOS updates

This will not include firmware and likely even the kernel.

Thanks! TLDR spamhaus (a big spamlist provider) has them on their spamlist, or maybe not, and they are using some fancy CDN.

It is VERY likely just a technical error.

What do you mean?

To my knowledge they dont ship GNOME 46 but some old “LTS” variant (GNOME doesnt do LTS variants)