Graphene supports running GMS in a sandbox like any normal app. That’s what I do as there are too many apps in the play store I need

Can’t disagree there. I don’t even use it, I just prefer when people take a stand

Tbf they say windows is WIP and they support Mac which has an even lower bar than windows IMO

This is a mistake, they should just refuse service in all markets that do this, that’s the only way you get enough public backlash to make a change

With XMPP all messages are relayed through your server of choice

I never said you couldn’t, just that it doesn’t work that way now

Because with Lemmy’s architecture darknet sites could not federate with clearnet sites as the end user’s browser fetches content directly from the federated instances.

The problem is if this gets adopted on a large enough scale not even Tor will save us, all the exit nodes will be subject to censorship. Tor only works because there are some countries which have totally free and open internet. Unless you’re talking about moving completely to the darknet.

I love how mastodon is on here as if that is trivial to block. Guess you can block the official upstream distribution but blocking all instances would be a nightmare

LMAO this is really amusing. I hope it does some good but I doubt it

This reminds me of prop 65. It’s so broad that everything is labeled as causing cancer to the point of being a worthless label. I suspect this will have a similar problem on top of the privacy ones

The reason for initramfs is because if you build your block or filesystem drivers as modules the kernel can’t boot without loading the modules and can’t load the modules without said modules and therefore causing a chicken and egg problem. Reading a folder without all necessary boot drivers just isn’t possible. That’s why the bootloader is responsible for loading initramfs into system memory, the kernel can read it with 0 drivers required. Getting rid of it can be done but ALL of your boot drivers need to be statically linked into the kernel image so that the kernel doesn’t need any modules to get the rootfs mounted. Ironically EFI can be used to obsolete initramfs in theory since the kernel can read data from the ESP without any drivers being required so putting modules in a folder on the ESP would work for EFI enabled systems

You definitely can do this. Unless this is an extremely recent change or only done outside the US

XZ was also open source…albeit less eyes on it probably. Point is we take “open source” for granted and assume it means “secure” but the person running a project, even an open source one, can do real damage.

Yeah, I’m just pointing out that OpenVPN has a kernel implementation since it does seem to make quite a large performance difference when available.

Yeah sounds about right. The only reason I’m even running graphene right now is because I heard he left the project. Otherwise I wasn’t sure I wanted to be dependent on it

Didn’t he leave the project though?

OpenVPN operates in kernel space as of 6.16. Well specifically for the data channel. Control channel is still managed in userspace so you don’t have to do asymmetric TLS in the kernel. This also reduces the overhead and increases performance substantially. It is slightly more complicated to setup but barely tbh (I’m speaking from the server side). Is the crypto outdated? Not as far as I’m aware.

The big thing for public VPNs is the server can push the configuration to the client rather than having it be static. Config push, specifically for addressing is basically the only viable way to do a NATless VPN. Additionally while unrelated to public VPN providers wg does not have the ability to bind to individual IPs which is a headache for my internal VPN use case.

It isn’t in a lot of ways