lastweakness

In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.

especially if it’s a scripted client, since it would deliver code uncompiled.

Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.

if you trust audits for logging practices presumably you can trust them for checking that the code base is the same

The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.

But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…

I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…

would be good, actually.

Good for us. Bad for business. I explained this in another comment too but Proton’s idea of “open source” is simply to build trust in the security and privacy offered by the service. At least, as much as you can trust any SaaS.

but then why not share the server side code?

And to answer this… Well, business and practicality… One more than the other ofc unfortunately… Why would they take on the additional burden of making it self-hostable, make the backend fully open source, etc just to make competition for themselves? And that maintenance burden is huge btw, especially when the backend was probably never intended for self-hosting in the first place.

If Proton, as a company or foundation, didn’t keep making the right decisions in terms of privacy and security, we might have had a reason to doubt their backend. But so far, there’s been nothing. And steps like turning to a foundation-based model just inspires more trust. By using client-side encryption, even within the browser, they’re trying to eliminate the need for trusting the closed source backend. Open sourcing the backend wouldn’t improve trust in the service itself anyway since you can’t verify that the code running in the backend is the same as the open sourced code. If you’re concerned about data, they also offer exports in open formats for every service they offer.

Why wouldn’t you trust them just because their backend is closed source? Ideologically, yeah I’d like them to open source absolutely everything. But as a service, whose income source is exclusively the service itself, how can it make sense for them to open source the backend when it cannot tangibly benefit their model of trust?

My other comment regarding proton and trust: https://lemmy.world/comment/11003650

They’re not actually good points at all… Proton’s open sourcing of the clients is for the purpose of trust in terms of security and privacy. The backend doesn’t matter because the point is that the data is encrypted before it ever gets to the backend. The goal with Proton’s open sourcing is not the ability to make it self-hostable. Sure, a lot of concerns are valid, but this isn’t like Microsoft or Google. Nearly all of Proton is verifiably and provably secure. Well, at least as long as you trust the web clients being served are the ones whose code is publicly available. But again… You can’t verify that with any SaaS. Such a risk is even present with self-hosting tbh. But that’s another discussion.

Nearly all of Proton’s stuff uses publicly verifiable client side encryption, so idk what all this is about

Why would Microsoft care?

… Okay?

CPU usage is famously terrible with Electron, which i also pointed out in the comment you’re replying to. But yes, having multiple chromium instances running for each “app” is terrible

Yes, it really is that bad. 350 MBs of RAM for something that could otherwise have taken less than 100? That isn’t bad to you? And also, it’s not just RAM. It’s every resource, including CPU, which is especially bad with Electron.

I don’t really mind Electron myself because I have enough resources. But pretending the lack of optimization isn’t a real problem is just not right.

They didn’t just quadruple. They’re orders of magnitude higher these days. So content is a real thing.

But that’s not what’s actually being discussed here, memory usage these days is much more of a problem caused by bad practices rather than just content.

So we’re just going to ignore stuff like Electron, unoptimized assets, etc… Basically every other known problem… Yeah let’s just ignore all that

I installed Windows on a device yesterday. I had to switch to the command prompt and type in “OOBE\BYPASSNRO” in order to just not connect it to the internet and skip the Microsoft sign in prompt. And that seems to work for the most part. Sending diagnostic data is still required and not optional but ah well.

A few days ago on another friend’s setup, he didn’t know that this option existed (who does really), so he signed up for a Microsoft account, logged in and his Documents and other folders were automatically getting synced to OneDrive. Now, for you and me, we understand that just uninstalling OneDrive should fix that or even just disable that feature itself. But this is opt-out and not opt-in. And he doesn’t really understand it’s getting synced, he simply sees that there’s oddly increased data usage. This is the kind of person who will have recall enabled without ever realising it exists or even using it, but will still have it as a potential security issue waiting to happen on his setup.

It’s all the opt-ins that Microsoft does. Everything defaults to “yes, do that worst thing possible”. And you and me will probably switch it off, but we’re not the average person. The average person doesn’t understand or care.

Look man, irrespective of who i originally intended to reply to, you responded to me by saying I was simply blaming the user. Which clearly wasn’t the case. If you think his initial anecdote at all is realistic, then you haven’t really used any well established distro in a while. Accessing an SMB share especially is very very straightforward right now if nothing else.

Void is a distro that doesn’t use systemd. That alone would put it out of the contest, let alone being the top-rated distro… It’s fine to not understand why that is, but again, you could have just asked on any community. Again man, stop complicating stuff for yourself… And I never said you’re incompetent, you’re probably really good at this stuff, I feel like you just haven’t taken the time to read through and understand. And again, even that would be fine, just don’t blame Linux in its entirety. Linux is too broad to be blamed in its entirety.

If you go by hype alone, NixOS is probably the most popular distro right now, doesn’t mean I’m going to recommend it to you.

Use an actually well-established distribution like Fedora, OpenSUSE Tumbleweed, Ubuntu or Linux mint. Use Plasma if you can. Use Flatpaks for packages where possible and use the native repository otherwise. It’s pretty much that easy these days. I even use the Steam flatpak for gaming nowadays. Grass is pretty green over here now, and I’m saying that as someone who does still use Windows. I use Windows both at work and for certain games. So it’s not like I’m out of touch either.

Sorry if that post felt rage fueled by the way, didn’t mean it that way and wasn’t in rage either. I’m just bad with conveying stuff, especially with English not being my first language :)

You know, i made my dad try OnlyOffice and he loved it except for the fact that not all shortcuts worked. Years of experience with excel shortcuts didn’t translate in exactly the way he wanted. Which makes sense ig but i think that would give it away

All that said, if you have an ISP bog standard router and one network that plays nice with it, it definitely works as a keyboard and mouse remote…

Agree with what you said before this, but thankfully, this is the majority use case

Plasma 6.1 will release soon with some further improvements. But Plasma 6 with Wayland basically solved all my issues already. My setup is fractional scaling with “Apply scaling themselves” for Legacy Applications (X11) and Adaptive sync set to Automatic. Works better than my Windows setup so far

Photopea is really nice. So is Krita. I wish Affinity would make a Linux version, but i doubt they would ever do that.

DaVinci Resolve works pretty well

I think you haven’t installed (not used) windows in a while if you don’t understand what he means by the forced onedrive

Wow you so smart bro…

Yep, it’s perfect. It’s one of the reasons i stick with Plasma