I don’t think that’s a big deal with Signal data. You can log back into your account, you’d just lose your messages. idk how most people use Signal but I have disappearing messages on for everything anyway, and if a message is that important to you then back it up.

For most casual users, it is a deal-breaker. And it’s hard to get everyday people to use your software with roadblocks like that.

That’s fair enough, but the way the mobile app works is that you can opt in to having encryption at rest with a passphrase, so if you want to leave your signal database unencrypted you can.

You must not get email very often, this is absolutely a non-starter for me.

Once you open it you can leave it open if you need notifications. Sometimes I leave it open, sometimes I just want to check my emails and then close it. Idk, I really think typing in a password for authentication/decryption regularly is such a non-issue, like for instance do you not regularly type in a password when you run a command with sudo? Again, if it’s opt-in I also don’t see the issue, except for the issue of allowing people to not encrypt their Signal data thus potentially compromising the people they’re messaging, but obviously that issue is currently universal for Signal desktop.

If I’m not mistaken you were talking about how things work “on my phone” but I suppose you had in mind that the principle would apply to desktop as well.

Yes, I was using it as a comparator as an example as to why it’s not a big deal to type a password every time you open an app, which I don’t think is any different between mobile and desktop.

I’m now genuinely not sure what you’re saying. I did what? I said it was about the mobile app? I didn’t say it was about the mobile app?

Obviously there is the disk encryption passphrase at boot, adding another one for signal would in my case be redundant.

I also have full disk encryption, but I still have some databases on my disk encrypted because I decrypt my disk when I boot my computer. But yeah if you have Signal open (& its db decrypted) all the time it would probably be minimal. I don’t have Signal open all the time though, only when I want to check messages or am actively using it

I don’t think it does much on the typical desktop, be it windows or linux, where there are so many ways to escalate or persist privilege for anyone that has user-level access.

The point would be encryption, even the root user wouldn’t be able to read encrypted data if they don’t have the passphrase

I know. I never said it was about the mobile app?

I already enter a passphrase every time I want to use Signal; I use the Molly client on my phone. It’s really not a big deal. I also enter a passphrase every time I launch my password manager, every time I launch my two-factor authentication app on my phone, and every time I open my email client. I think it’s fairly standard to protect sensitive data on your computer with encryption at rest and to decrypt it upon launching the application that handles the data.

It’s not a bad feature to ensure that eg if there’s a malicious process running on your computer it can’t send all your signal data to whomever

Whole disk encryption wouldn’t change your daily usage, no. It just means that when you boot your PC you have to enter your passphrase. And if your device becomes unbootable for whatever reason, and you want to access your drive, you’ll just have to decrypt it first to be able to read it/write to it, e.g. if you want to rescue files from a bricked computer. But there’s no reason not to encrypt your drive. I can’t think of any downsides.

I like how simple and fast runit is. And the added security is nice.

More specifically, it’s the name used by the attacker. Could well be multiple people, or if it’s one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person’s real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that’s not foolproof as they could’ve just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they’re in a different timezone, though I think the latter is unlikely and overkill.

I think I’ve found myself wishing manpages were more detailed far more often than I’ve found myself wishing they were shorter. In any case a man page or help text should put the most important info/FAQs at the top.

There are plenty of guides on how to do a PR online

Yeah afaik any AMD card should work out of the box with the Linux kernel, which includes AMD drivers. Never had any problems with my AMD card. Even on Nvidia it worked, admittedly proprietary Nvidia graphics driver updates frequently broke my graphics but downgrading (in a tty or even a chroot if I can’t do it graphically, I think I only ever needed a tty though I don’t think I ever needed to chroot because of an nvidia update) fixed it, and using outdated Nvidia drivers was not too big of a deal, I didn’t notice game performance issues.

And gaming on Linux is completely fine if you don’t have any kind of funky setup (like musl or whatever). The majority of my steam library has native linux versions, those that don’t play fine with Wine/Proton.

Tbh Manjaro has made my system unbootable before with a system update, base Arch has never done that for me. I think Manjaro is just poorly constructed, or maybe it’s bc of all the packages that come pre installed with it causing problems. Minimal installs ftw

By the sounds of it it was an organised social engineering attack. Almost certainly “Jia Tan” is not a real person, or if it is a real person then it’s a case of stolen identity. Even if I were being threatened to put a backdoor in some software I wouldn’t do it under my real name.

It’s a safe bet that there are others (in FOSS) that remain undiscovered.

I agree, but I don’t think that image (about survivors’ bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we’ve not found the simple/obvious ones

What are you saying? That there are people doing the top version (“I want a backdoor / I ask the corpo to grant me access”) for FOSS but they’re less likely to get caught if they don’t do all the gymnastics?

For the border it’s just css. In your style.css:

window#waybar {
  background-color: @background;
  color: @foreground;
  opacity: 1;
  border: 1px solid @accent;
}

(where those are variables representing my waybar colours, you can ofc use literal values instead)

Yep, waybar. Much better than polybar as you can customise it with css