l3db3tt3r

I’m of two minds. I agree. But there is also the need to go to where the people having these kinds of conversations are.

Face Palm. Moving to an Open Education Resources (OER) framework would curtail this kind of BS.
What is OER? Find out more here: https://guides.library.harvard.edu/OER

@[email protected] OP,
Suggestions:

1. Provide a couple real use case examples for why people may be asking for these PRs.

• Probably revolve around user familiarity with their current use cases using CalDAV and friends.

2. Build an import/export adapter.

• Link to relevant examples, resources, and/or documentation. It’s a call to action, so give readers a direction.

You make valid points. I don’t know that the word apathy is strong enough in this context, shrug. I mean, why not just say the thing? “This needs to be fleshed out”. At least it provides direction and context, (go push sand somewhere else; the TAB) and would probably be quicker/easier to write then sling this tired narrative, and non-answer to what is actually being asked;

Thus seeking documented guidance on new Linux Security Module submissions for how they should be optimally introduced.

(The TSEM LSM people aren’t trying to push a specific thing, they are asking for clarity of the process and particulars by witch a thing should be submitted; because from what I understand, their project (and others) keep hitting walls on the grounds of ‘formatting’ and ‘structure’; as a stop-gap, and thus an incomplete review, of the ideas and contents of the problem/solution set of the project. (Think: “It’s too difficult for me to read the thing, so I won’t until you fix it” – And not name with specifics to what is considered ‘fixed’, or what the process for re-submission is; It’s a backhand way of claiming “secret knowledge” over the thing and then saying “just fix it”. Fix what specifically ? )

That is to say; when outsiders see these kinds of roadblocks, and the responses/narratives of key figures in these spaces is “apathy” of this degree, it feels something to me akin to security theater.

“Yes, I know that security people always think they know best, and they all disagree with each other, which is why we already have tons of security modules. Ask ten people what model is the right one, and you get fifteen different answers.”

“I’m not in the least interested in becoming some kind of arbiter or voice of sanity in this.”

How do you even get to a consensus model to tease these things out; when your answer is a refusal to engage with “pointless” things?

It just seems contentious to me, that anyone when considering this kind of rhetoric, would make claims in regards to the level of security that Linux (may) provide. It just feels something akin to playing in the realm of security theater.

A non-walled garden isn’t much help for you either. There’s nothing stopping them from ‘requiring’ Client-Side - Device level scanning. The technological ‘problem’ required to do that, isn’t too difficult to impose when you also create an environment where your device/provider ‘requirement’ in order to even use your technology, forces compliance, and it isn’t that far fetched of a technical problem to be solved.

If Signal leaves the official app stores

I know this is probably semantics; but I don’t think it will be completely on Signal, ie the app store owner is the one who is going to have the pressure to remove the apps: plural, as they will likely also remove any alternatives in the same vain. Same with any other service provider, store front, internet or cellular access, or device maker…

• There is no strictly defined “scope” of what ChatCountrol covers. It’s as broad as scanning “communications”. And includes things like Client-Side Scanning.
  • Pre-encryption scanning - Content is analyzed before it gets encrypted
  • Device-level analysis - Scanning occurs on the sender’s device before transmission
  • End-to-end encrypted services - Even encrypted communications are subject to scanning requirements

What I mean by Signal complying by leaving, is that they stop allowing registration of phone numbers ‘from’ these countries, and stop hosting any of their infrastructure (AWS) within these boarders.

Self-Hosted or Federated, is only a small portion of the battle. You have a bigger problem.

It isn’t criticism if it isn’t based on fact. The U in FUD stands for Uncertainty; and what do you think “might” falls under, or it’s relation to sowing Doubt?

The law related to job postings, is a labor law, that also covers minimum wage, and uses the same definitions. Labor Code Section 432.3 (Pay Transparency Law) Labor Code Section 1197.5 - California Equal Pay Act (Fair Pay Act) Labor Code Section 2750.3 (Employee vs Independent Contractor Classification)

Let me do the work for you; since you’d rather just spread FUD then look for facts.

1. https://www.linkedin.com/company/grapheneos/people/

• 0 California “employees” listed

2. https://www.dir.ca.gov/dlse/SB3_FAQ.htm (I just want to point out that there is a distinction; and I am not a lawyer) “Any individual performing any kind of compensable work for the employer who is not a bona fide independent contractor would be considered and counted as an employee, including salaried executives, part-time workers, minors, and new hires.”

It also sounds like they are trying to fill a part-time role. “Must be able to commit to spending 80 hours or more a month” = ~20 hours a week, but given the ebb and flow of release/bug/patch work needed…

FUD

1. GrapheneOS is a non-profit out of Canada.
2. It’s an “independent contractor” role. California has specific laws governing the classification of workers as employees versus independent contractors.

I don’t know if there’s really a better way to manage this need. They need a pretty niche specialized developer, so you have to cast a pretty wide net (globally, mind you) for remote work.

1. It’s a pretty small global team.
2. How would they financially/legally manage the burden of tax/benefit/workers rights across all boarders; especially as a non-profit.

Yes, people should know what they are getting into, with independent contractor work. I just think there is (probably) some nuance to this particular case; where hiring people on as an employee doesn’t make a lot of sense.

I don’t see Signal complying, and it’s already a target for ‘breaking’ it’s encryption. I think it is more likely to leave the marketplace in which ChatControl is forced (it’s the only winning move); and I don’t think that necessarily means you ‘can’t’ use it; if anything ChatControl environments give a framework that allows them to force supporting network/service infrastructure into blocking or restricting the ‘ease’ in which these tools can be installed, accessed and used. I would focus efforts on how people can get around this vector, not just the specific tool in use.

I believe this is what you are looking for https://killedbymozilla.com/

Enjoy the journey!
I went with a kit from splitkb ; and the community in their discord was super helpful.
Soldering a keyboard isn’t too difficult, the components aren’t very fragile, and you mostly have some easy feedback and will know exactly where you messed up (the key doesn’t work, which is easier then chasing signals/volts around a more typical soldering/electronics project). I think its a very rewarding endeavor.

I think the harder part is learning a new keyboard layout; and overcoming muscle/finger memory.

Find the skills gaps that you have; find the thing that interests you about it; and dig into that fundamental piece, don’t understand what the fundamentals might be, go check out .edu, or certification outlines with the vocabulary/knowledge you do have so you can build from the concepts (and benefit from their already determined progressions) , so you can developed additional vocabulary and knowledge of the discipline.

I think the gatekeeping part isn’t the warning or cautionary advice being given, It’s the failure to point, and give direction to, the relevant thing(s), the skill sets, the place to start in order to understand the complexities.

Like the hart-surgeon analogy given elsewhere in the comments; it’s not just the dire warning of ‘you can kill someone’ - it’s the humanity to say, well if you want to learn how to do this, you’re going to have to start by having an understanding of basic biology, organic chemistry, human anatomy, etc, and to learn about those things go here…

I think you’ve missed the point OP is trying to communicate. It’s not that these things aren’t relevant, highly important, and good caution/warning. It’s the gate that people are creating with these no depth explainers. “you need to understand” “if you don’t know” – then fail to provide direction to people who want to know, to learn these things, to figure out where to start; that’s the gate.

This article kind of reads like a nothing-burger. (and it’s buried behind a paywall).

I’m not a big fan of ‘tests’ that go and try and cherry pick one variable to play around with to make a single conclusion, when it’s really the system of various variables working in relation to each other.

The general population, and even general categories of competition, you’re better off picking a tire that hits somewhere in the top 20% of performance in all relevant categories: Aerodynamics, Rolling Resistance, Traction (various: stopping power, cornering, surface type, etc), and Durability (mostly related to the additional weight) and making additional compromises as it relates to the thing you are doing, the environment, and your experience.

The price of being on the bleeding edge.
But also, trust the process, it’s a feature not a bug.