• 1 Post
  • 46 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle
  • I understand their reasoning behind this, but I am not sure, this is such a good idea. Imagine Letsencrypt having technical issues or getting DDoS’d. If the certificates are valid for 90 days and are typically renewed well in advance, no real problem arises, but with only 6 days in total, you really can’t renew them all that much in advance, so this risk of lots of sites having expired certificates in such a situation appears quite large to me.


  • Ok, that endoflife.date site apparently isn’t quite up-to-date then. But even still, Android 14 was released in October 2023 and as far as I can tell, Fairphone released their Android 14 update only in July 2024. I’m not saying Fairphone’s update policy is terrible or anything. It certainly is better than that of many other vendors, but if you want updates as quickly as possible, you are probably better of with a Pixel phone. Of course repairability is an entirely different matter.





  • Fairphone is actually worse than Google when it comes to updates. Even their flagship phone is still on Android 13. Even the Pixel 6 runs Android 15 at this point and with this news it is guaranteed to get at least Android 17. Google has always been offering 5 years of support for the Pixel 6 and 7 series. What they didn’t promise until this announcement was additional feature/OS upgrades, but when it comes to that they were already ahead of Fairphone.

    When it comes to alternative OSes, Google actually makes it very easy to install them. That’s one reason why GrapheneOS and the likes chose Pixel phones as their primarily supported phones.




  • Linksys WRT54G

    The Linksys WRT54G did not run OpenWrt by default and the original OS does not even remotely resemble OpenWrt. What OpenWrt did use from the original OS was the Broadcom wireless driver because it was closed source (and a similar kernel version, so the driver could be used), since there was no driver in the mainline kernel.

    But to try to answer the question, this device has been designed by the OpenWrt developers to fit their needs (and their users needs). Other routers running some variant of OpenWrt on them by default were designed by companies unrelated to the project. They most likely used OpenWrt because it was convenient to them. Their intentions weren’t usually the same as the OpenWrt team’s (repairability, easy to unbrick, etc.). Not that there is anything wrong with that. I like GL.Inet routers.


  • Actually AMDs mobile parts are pretty good at idle power consumption and so are their desktop APUs. Their normal CPUs, which use the chiplet design are rather poor when it comes to idle power consumption. Intel isn’t really any better when compared to the monolithic parts at idle and Intel CPUs have horrible power consumption under load. Their newest CPUs are better when it comes to efficiency than 13th and 14th gen CPU, bus still don’t match or even exceed AMD.




  • Unless you require the dynamic features of Wordpress, you could have a look at some of the static site generators out there (such as Hugo). Having a static site would reduce the attack surface considerably. Also due to the shenanigans happening with Wordpress at the moment, I would be weary of using it.

    About SSL, what others have already mentioned, SSL certs are available for free these days, thanks to letsencrypt.





  • The head of BitWarden has come out and stated the SDK being required to compile BitWarden was a mistake, however, and if this proves to be true (which I have no reason to doubt) then I see no reason why any of this is an issue.

    I don’t see why this should make any difference at all. Sure, I get why he is are saying they are going to fix it - he thinks that this gets them in compliance with the GPLv3. But from a practical point of view there is no difference at all. The software is useless without that SDK part. Even if it does indeed get them in the clear from a legal point of view (which I am not convinced that it actually does), it is still a crappy situation.

    I think, it would look way less shady, if they said they are going fully source-available and not pretend that they are keeping the client open source. I would still dislike that, of course. At least that wouldn’t have eroded the trust in them as much as it did for me.


  • Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available.

    Yeah, that’s what I meant by “proprietary”. I guess having the source to look at is better than nothing, but it still leaves me uneasy. Their license lets them do anything they want (ignoring that - as it stands - their license is void due to the linkage with GPLv3 code, but they said they want to fix that). I have no idea what their plan is. I don’t think it is in their best interest to go the route they appear to be going. Having truly open source clients seems to be a selling point for quite a few customers. But what do I know…



  • I really hope that this is actually the case, but I am not very optimistic. This doesn’t seem to be a mistake. They intentionally move functionality of their clients to their proprietary SDK library. The Bitwarden person stated this in the Github issue and you can also check the commit history. Making that library a build-time dependency might actually have been a mistake. That does not change the fact, that the clients are no longer useful without that proprietary library going forward. Core functionality has been move to that lib. I really don’t care if they talk to that library via some protocol or have it linked at build time. I wouldn’t consider this open source, even if that client wrapper that talks to that library technically is still licensed under GPLv3.