Good to note this example is from 2022-08-30. Despite its “reputation” among some, Arch doesn’t break that often by itself.

Not OP, but modularity. An X11 WM is just a WM. You can choose compositor, bar, shortcut daemon, etc. With Wayland, a single implementation holds most of that, and more. If you need a specific feature from your display server, you are stuck on WMs that support it. This has forced me to use KDE for Wayland on my main workstation, and although it works well, it’s not my prefered WM/workflow.

Alongside that, no clones of several X11 WMs exist. bspwm for example. Riverwm exists, but has major limitations, and the workflow isn’t the same.

The extra y just forces a database update. The mechanism to detect when not to update the database is a simple timestamp compare, and shouldn’t break. archlinux-keyring might need a “manual” update if an Arch Linux system is left without updates for a longer period of time. That’s the only situation doing pacman -Sy, then pacman -S archlinux-keyring is recommended, and it needs to be followed with pacman -Syu to avoid a partial upgrade.

https://ntfy.sh/

Easily set up, and easily attached to other things. Simple notifications about whatever is needed, like service health or updates, new posts on public platforms, etc. A simple curl is plenty to send and receive notifications, and it works on Android without requiring FCM (Google infrastructure).

I use mautrix/discord, it can work in both puppeting (sign into your account) mode and relay (bot account with webhooks) mode.

1. A puppeting (personal account) Discord bridge basically requires your own homeserver. You are trusting the homeserver owner / bridge host fully with your Discord account.
2. It is technically against Discord ToS. While I don’t think anyone’s been banned yet, several people have started receiving warnings that they “spammed”, most of them after sending an attachment. These warnings are on your account for 2 years, and could contribute to an account ban.
3. Voice chat is not, and probably will not be supported.
4. Do NOT bridge a “large” server. You are essentially re-hosting the chats, which can be extremely taxing for large and active Discord servers.

I use mine for a single channel in a “medium-size” server (~2k people), a friend group server, DMs, and a few channels that follow a bunch of announcement channels on other servers.

““compromised device”” in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable for the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.

The headline is sensationalist, but it isn’t something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That’s effectively what this attack allows.

Sorry, posted that on mobile without checking that it’s not the mobile link.

There’s a legal precedent that cookie stuffing is considered wire fraud

Lead dev of grapheneos is extremely toxic in communication. I don’t trust someone like that developing the software running on a phone.

EDIT: This comment seems to be particularly controversial, with many people praising GrapheneOS as a project, while ignoring the developers views and actions. Although my opinion of the main developer is negative, the project itself and its goals are great. To clear up some confusion, I want to add to my previous statement:

At first, this seems like the standard “separating art from the artist”, however, GrapheneOS is a ton of code, not just art. When it comes to other forms of art, like literature or paintings, an artist maliciously hiding their personal beliefs in their otherwise “unbiased” work might degrade the quality of the final result, but does not have much significant impact outside of that. When it comes to code, programs, OSes, this changes. The artist (programmer) changing their art (code) based on their personal beliefs is not just a degradation in quality, but a security risk for anyone running the code and trusting the developer. Having seen the way the GOS dev speaks about its community and even people in support of him (see Louis Rossman’s video), it becomes clear that the mentioned “risk” of malware is very much present. Like many others, I don’t have the time to verify the source code of an entire Android rom myself, which means I would have to trust the GOS dev to not insert anything malicious, after the statements he’s made. I’d have to trust him after he’s grouped a majority of his community into “people who are after him and are swatting him”. It’s a very real possibility that someone with beliefs like that would add malicious code to his project, and I’m personally not willing to run that risk.

Please note that I am not encouraging people to “go harass the dev”, that is an immoral action nobody should be doing. I am trying to inform people of the developers behavior online, past and current, so they can make a decision for themselves whether to run his software on their personal devices.

Depends on how it’s implemented. Anyone using a “media proxy” will see their discord bridged media probably fail to load (outside of possible caches) after a day. Anyone who has their bridge configured to reupload discord media to their homeserver should see no change.