lastweakness

In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.

especially if it’s a scripted client, since it would deliver code uncompiled.

Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.

if you trust audits for logging practices presumably you can trust them for checking that the code base is the same

The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.

But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…

I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…

would be good, actually.

Good for us. Bad for business. I explained this in another comment too but Proton’s idea of “open source” is simply to build trust in the security and privacy offered by the service. At least, as much as you can trust any SaaS.

but then why not share the server side code?

And to answer this… Well, business and practicality… One more than the other ofc unfortunately… Why would they take on the additional burden of making it self-hostable, make the backend fully open source, etc just to make competition for themselves? And that maintenance burden is huge btw, especially when the backend was probably never intended for self-hosting in the first place.

If Proton, as a company or foundation, didn’t keep making the right decisions in terms of privacy and security, we might have had a reason to doubt their backend. But so far, there’s been nothing. And steps like turning to a foundation-based model just inspires more trust. By using client-side encryption, even within the browser, they’re trying to eliminate the need for trusting the closed source backend. Open sourcing the backend wouldn’t improve trust in the service itself anyway since you can’t verify that the code running in the backend is the same as the open sourced code. If you’re concerned about data, they also offer exports in open formats for every service they offer.

Why wouldn’t you trust them just because their backend is closed source? Ideologically, yeah I’d like them to open source absolutely everything. But as a service, whose income source is exclusively the service itself, how can it make sense for them to open source the backend when it cannot tangibly benefit their model of trust?

My other comment regarding proton and trust: https://lemmy.world/comment/11003650

They’re not actually good points at all… Proton’s open sourcing of the clients is for the purpose of trust in terms of security and privacy. The backend doesn’t matter because the point is that the data is encrypted before it ever gets to the backend. The goal with Proton’s open sourcing is not the ability to make it self-hostable. Sure, a lot of concerns are valid, but this isn’t like Microsoft or Google. Nearly all of Proton is verifiably and provably secure. Well, at least as long as you trust the web clients being served are the ones whose code is publicly available. But again… You can’t verify that with any SaaS. Such a risk is even present with self-hosting tbh. But that’s another discussion.

Nearly all of Proton’s stuff uses publicly verifiable client side encryption, so idk what all this is about

Why would Microsoft care?

Yes, it really is that bad. 350 MBs of RAM for something that could otherwise have taken less than 100? That isn’t bad to you? And also, it’s not just RAM. It’s every resource, including CPU, which is especially bad with Electron.

I don’t really mind Electron myself because I have enough resources. But pretending the lack of optimization isn’t a real problem is just not right.

So we’re just going to ignore stuff like Electron, unoptimized assets, etc… Basically every other known problem… Yeah let’s just ignore all that

Use it but don’t rely on it. Celeste uses rclone. The rclone support was temporarily disabled from Proton’s end a while back and also, the rclone backend still has a bunch of bugs and the developer seems to have gone missing

I installed Windows on a device yesterday. I had to switch to the command prompt and type in “OOBE\BYPASSNRO” in order to just not connect it to the internet and skip the Microsoft sign in prompt. And that seems to work for the most part. Sending diagnostic data is still required and not optional but ah well.

A few days ago on another friend’s setup, he didn’t know that this option existed (who does really), so he signed up for a Microsoft account, logged in and his Documents and other folders were automatically getting synced to OneDrive. Now, for you and me, we understand that just uninstalling OneDrive should fix that or even just disable that feature itself. But this is opt-out and not opt-in. And he doesn’t really understand it’s getting synced, he simply sees that there’s oddly increased data usage. This is the kind of person who will have recall enabled without ever realising it exists or even using it, but will still have it as a potential security issue waiting to happen on his setup.

It’s all the opt-ins that Microsoft does. Everything defaults to “yes, do that worst thing possible”. And you and me will probably switch it off, but we’re not the average person. The average person doesn’t understand or care.

Look man, irrespective of who i originally intended to reply to, you responded to me by saying I was simply blaming the user. Which clearly wasn’t the case. If you think his initial anecdote at all is realistic, then you haven’t really used any well established distro in a while. Accessing an SMB share especially is very very straightforward right now if nothing else.

Void is a distro that doesn’t use systemd. That alone would put it out of the contest, let alone being the top-rated distro… It’s fine to not understand why that is, but again, you could have just asked on any community. Again man, stop complicating stuff for yourself… And I never said you’re incompetent, you’re probably really good at this stuff, I feel like you just haven’t taken the time to read through and understand. And again, even that would be fine, just don’t blame Linux in its entirety. Linux is too broad to be blamed in its entirety.

If you go by hype alone, NixOS is probably the most popular distro right now, doesn’t mean I’m going to recommend it to you.

Use an actually well-established distribution like Fedora, OpenSUSE Tumbleweed, Ubuntu or Linux mint. Use Plasma if you can. Use Flatpaks for packages where possible and use the native repository otherwise. It’s pretty much that easy these days. I even use the Steam flatpak for gaming nowadays. Grass is pretty green over here now, and I’m saying that as someone who does still use Windows. I use Windows both at work and for certain games. So it’s not like I’m out of touch either.

Sorry if that post felt rage fueled by the way, didn’t mean it that way and wasn’t in rage either. I’m just bad with conveying stuff, especially with English not being my first language :)

You know, i made my dad try OnlyOffice and he loved it except for the fact that not all shortcuts worked. Years of experience with excel shortcuts didn’t translate in exactly the way he wanted. Which makes sense ig but i think that would give it away

All that said, if you have an ISP bog standard router and one network that plays nice with it, it definitely works as a keyboard and mouse remote…

Agree with what you said before this, but thankfully, this is the majority use case

Plasma 6.1 will release soon with some further improvements. But Plasma 6 with Wayland basically solved all my issues already. My setup is fractional scaling with “Apply scaling themselves” for Legacy Applications (X11) and Adaptive sync set to Automatic. Works better than my Windows setup so far

Photopea is really nice. So is Krita. I wish Affinity would make a Linux version, but i doubt they would ever do that.

DaVinci Resolve works pretty well

I think you haven’t installed (not used) windows in a while if you don’t understand what he means by the forced onedrive

Wow you so smart bro…

Yep, it’s perfect. It’s one of the reasons i stick with Plasma

I said your friend is an idiot, not you. And even in his case, i only really blamed him for literally intentionally messing shit up. Should I remind you that you’re the one who said that story? Congrats on winning your argument against a strawman i guess?

The second paragraph of your answer just tells me you have never had an idea of what you’re doing. And that would be totally fine if you didn’t blame it on Linux as a whole, btw. But you do just that.

Why would you use everything except the most obvious distro choices? Manjaro is literally famous for terrible practices, always has been. 5 minutes of research would tell you that much. You try nobara but not vanilla fedora?? You try pop_os but not Linux Mint? You try Void for some reason?? Fkin Void? You’re clearly not really ready to tinker and you want stuff to just work, so just go with something obviously and famously stable and out of the box like Linux Mint. It’s really that simple… You complicate shit for yourself and then complain about how you’ve had terrible experiences. Ofc you’ve had them because you never really bothered to try and keep it simple for yourself.

I always choose the practical solution over anything else. And there are real problems in Linux right now, like fractional scaling on GNOME, VR, HDR being hit or miss, anticheat not working, etc. So i don’t force anybody onto Linux. But pretending we’re still in 1995 is just malicious coming from you.

If you’re just lost about shit, people in the Linux community are generally ready to help. Hell, if you describe your use cases well, literally everybody would help you as much as they can. But coming on here and using a wild (and probably fake) story to flame something for no real reason and then expecting a positive response is kind of weird, don’t you think?

Edit: sorry, wrong user i guess. You all haters kind of blend in and look the same lol.

SMB works out of the box on every major distro, so yes, you’re bullshitting or your friend is genuinely an idiot