Skip Navigation
Jump
SilverBullet: a self-hosted personal knowledge management system for people with a hacker mindset
  • If you know of any FOSS, offline editors for Android which can do what silverbullet can, drop a link.

    13
  • Jump
    SilverBullet: a self-hosted personal knowledge management system for people with a hacker mindset
  • I use it and love it. Having the metadata (tags, dates, ...) of your pages available to query and organize is awesome. I also love the tagged tasks feature.

    5
  • Jump
    Slint 1.3 Released with Revamped Native Styles and JavaScript API
  • Yeah, UI with rust is shaping up (generally and especially for Android).

    1
  • Jump
    Slint 1.3 Released with Revamped Native Styles and JavaScript API
  • Oooh... Android. Congrats on the release. I really gotta try this out. I like QML.

    2
  • Jump
    How can I prove that a downloadable executable is built from the published source?
  • Yeah, this topic would actually lend itself to an intro video which demonstrates the problem on a tiny project.

    2
  • Jump
    How can I prove that a downloadable executable is built from the published source?
  • True, while I think the page that I linked explains the concept well, it might not be easy to digest for someone who is new to software development.

    But then again, if you handle cryptographic materiel, you better learn fast 😃

    5
  • Jump
    How can I prove that a downloadable executable is built from the published source?
  • But I am thinking that their workflows are reproducible builds, correct?

    A reproducible build is more than an automated build. It is a build process which enables any third party to build a binary that is bit-by-bit identical (see https://reproducible-builds.org/docs/definition/).

    So if I would build a specific release/commit of your application on my PC (given an identical development environment, i.e. same version dependencies, compiler, etc.) it MUST result in a bit-by-bit identical binary to the one you built on your development machine and the one the github workflows built.

    All these binaries would result in the same hash (and thus be verifiable by the same signature files).

    “Here is my very simple commit that you can read, and here is the executable in case you want to download the fixed wallet but are not technically savvy enough to build it”

    Other than a signed binary from a trusted developer/organization, there is (IMHO) no way for a non-tech savvy user to gauge the trustworthiness of a binary they download from the internet, and even then a signing key might have been lost or broken (see the recent Microsoft debacle w.r.t. AD signing key misuse).

    4
  • Jump
    How can I prove that a downloadable executable is built from the published source?
  • I don't know whether github actions output can be tampered with by you, but the only actually reliable way (that I know of) to prove that your binaries correspond to a certain state of the sourcecode is to support reproducible builds (See e.g. https://reproducible-builds.org/).

    All other methods require trust (in either the developer or w.r.t. github actions towards github).

    The drawback is of course, that to verify whether your binaries are good, someone needs to rebuild the software, but it is a good tool to build and maintain trust in your signed binaries, especially if they deal with sensitive information like private keys.

    26
  • Jump
    U2F/FIDO2 on Degoogled phone
  • Not that I know of. I think this needs to be implemented in a system framework.

    2
  • Jump
    U2F/FIDO2 on Degoogled phone
  • Basically, yes. IIRC the FIDO/U2F handling is implemented in google libs.

    They are however re-implemented in microG: https://github.com/microg/GmsCore/wiki/Implementation-Status, so if you are open to using that it should work with apps using the corresponding google client libraries.

    I have used Firefox on Lineage/microG and tested FIDO2 there, it does NOT work with Fennec as that does not include the required client side libraries.

    12
  • Jump
    `zig cc`: a Powerful Drop-In Replacement for GCC/Clang - Andrew Kelley
  • Very interesting. Cross compilation is always daunting.

    I'll just throw zig on the ever growing list of 'things to take a look at'

    5
  • Jump
    How do you back up Nextcloud, installed as a snap, using the Backup app?
  • I use nextcloud.export which comes with the snap (https://github.com/nextcloud-snap/nextcloud-snap/wiki/How-to-backup-your-instance), but the backup app looks nicer.

    4
  • Jump
    Getting more than 50 posts - Pythorhead
  • Note that due to new posts appearing the results might overlap in content.

    1
  • Jump
    Getting more than 50 posts - Pythorhead
  • You might need to get them in batches, i.e. use the page parameter to get multiples of 50.

    1