Known aliases:

  • 0 Posts
  • 36 Comments
Joined 10 months ago
Cake day: August 25th, 2025
  • SatyrSack@quokk.autoTechnology@lemmy.worldEuro-Office, Europe's open-source alternative to Microsoft Office and Google Docs, launches June 9English
    66·
    9 days ago

    https://github.com/Euro-Office

    Euro-Office liberates the ONLYOFFICE code base

    Euro-Office is based on the ONLYOFFICE Open Source, an AGPL codebase. This code base is being extensively reviewed and cleaned up, with the goal of making it easy to build and contribute to. Why did we resort to a fork, rather than collaborate? Of course, forking should be a last resort. Unfortunately, open collaboration with ONLYOFFICE was not possible, for a number of reasons:

    • Contributing is impossible or greatly discouraged. ONLYOFFICE typically does not review or accept pull requests. Build instructions are unreliable, outdated or just plain broken.
    • The company regularly makes controversial decisions like closing off features in the mobile apps like mobile editing, and the removal of an administrator panel.
    • Lacking transparency. Commit messages, when visible, often just refer to an issue number in an internal issue tracker. There are quite a number of binary blobs and compiled or obfuscated code blobs. Most internal code comments are Russian which makes is hard to work with.
    • The mobile apps are not really open source but just wrappers. Example. The apps have extensive proprietary sections which will need to be re-implemented. Work on this is underway.
    • ONLYOFFICE is a Russian company (despite many attempts to hide this), and nearly all developers reside in Russia. Open Source is a global effort, but current political situation makes collaboration hard and trust difficult to earn. Especially when development is not transparent and open. A lot of users and customers require software that is not potentially influenced or controlled by the Russian government.
  • SatyrSack@quokk.autoTechnology@lemmy.worldUsers turn to jailbreaking their older Kindles as Amazon ends supportEnglish
    3·
    22 days ago

    The guide is one of the best I’ve seen for this type of project.

    I would have to award that to GrapheneOS. Being a web-based installer, GrapheneOS is able to add buttons that directly perform the major actions right in the guide itself. At each step, instead of having a link or something and saying “go here and do this”, it simply provides you with a button that actually performs that step’s action right then and there. It is incredibly straightforward. The first few steps do involve some prerequisite manual effort to get your phone ready and web browser configured. But once those two pieces are able to communicate with each other, the rest of the process just involves pressing the buttons in the order it tells you.

    https://grapheneos.org/install/web

  • SatyrSack@quokk.autoPrivacy@lemmy.mlThe founder of /e/os is anti-securityEnglish
    14·
    2 months ago

    So you don’t have to give Reddit clicks:

    Dutch hardware, French open-source OS, no Google services.

    Apologies for repeating this in pretty much every topic on Fairphone and /e/OS, but there is a lot of misinformation about this. The Fairphone hardware and software is developed by a Chinese company called T2Mobile (this is no secret, it is in Fairphone’s documentation).

    Switching to /e/OS does not really change that, because they use the same kernel trees, binary firmware blobs, and device trees maintained by the same Chinese company. So you replaced opaque blobs coming from a South Korean company to those from a Chinese company and Qualcomm (pick your poison I guess).

    Besides that /e/OS does not really decouple you from Google. It starts talking to Google pretty much the moment you first set up the device [1]. The device will download proprietary Google SafetyNet blobs that run as part of the privileged microG. /e/OS also contacts Google for assisted GPS, eSIM provisioning, WideVine provisioning, etc. Then if you install certain Google Apps, /e/OS gives them elevated privileges, breaking the regular sandbox model. For instance, if you install Android Auto because you want to use it in your car, some of the dependencies (e.g. Google Maps) have privileged access [2]. It does not stop at Google, e.g. for speech-to-text, Murena does not have any scrupules uploading your voice to OpenAI (and hide it somewhere in the terms that no-one reads) [4].

    Besides that, both Fairphone and /e/OS have a history of abysmal security. E.g., both used to sign system images with Android testing keys (which meant that malware could hide in your system image without you noticing). Fairphone is absolutely terrible at maintaining kernel trees - e.g. Fairphone 4 is still using a Linux version that has not been updated since 2020, Fairphone 6 is still on firmware blobs from June 2025 despite Qualcomm pushing out monthly fixes for vulnerabilities since then. The Fairphone 6 is also shipping a Linux kernel that hasn’t been updated since September 2024.

    Both the Fairphone stock OS and /e/OS are way behind on Android security updates. The Android Security Bulletins are only backports of security issues marked high or critical. On those they are typically 1-2 months behind and the ASB vulnerabilities are already known for 3 months by vendors due to Google’s new security embargo system. That means that Fairphone’s stock OS and /e/OS are usually 4-5 months behind on patching high/critical vulnerabilities. It is even worse for other vulnerabilities, which are commonly used as part of exploit chains. /e/OS and the stock OS are still on Android 15. Since they do not roll out other security updates than ASBs, it means that they are now 1.5 years behind in non-high/critical security updates (since Android 15 was released in September 2024).

    And then we haven’t even talked about shady things like the /e/OS App Lounge getting F-Droid packages [3] through a MITM server (cleanapk) for at least 6 years now that often serves outdated package versions. To make it more fun, they do not want to reveal who is actually maintaining this service.

    Similarly, hardware security is not great. In contrast to your old S24, the Fairphone 6 does not have separate secure enclave. They only use TrustZone, which basically uses the same CPU/RAM for the TEE (the OS gets isolated by secrets running it in a VM-like environment). TrustZone is vulnerable to side-channel attacks and PINs are easily brute-forced (so, on Fairphone you probably want to use a long passphrase).

    Some people will say: who cares, I’m not the target of a state level actor. Remember that in the days of Cellebrite, etc. device security is important to anyone who ever goes to a demonstration or crosses international borders.

    I understand that everyone is looking for European alternatives, please think twice if you want to replace them by Chinese blobs, very outdated software, and a security disaster.

    [1] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

    [2] https://eylenburg.github.io/android_comparison.htm

    [3] https://forum.f-droid.org/t/e-foundation-using-f-droid-with-middle-man-website/7162

    [4] https://forum.fairphone.com/t/e-os-betrays-users-privacy-openai-being-integrated-directly-into-core-os/119381

  • SatyrSack@quokk.autoPrivacy@lemmy.mlWhat is you guys opinion on DuckDuckGo AI?English
    2·
    4 months ago

    To add a new search engine, you are supposed to be able to just visit that search engine’s website and manually search for anything, then that site will appear as an option in the list under Settings > Search engine > Recently visited. I just added Ecosia this way to test this feature, but I cannot get this to work with DuckDuckGo (No AI). I assume that is because the regular DuckDuckGo is already an option in the list, so it’s not adding a new search engine that is just a sub domain of that existing option. Unfortunately, I cannot find a way to add it manually.