Urgh. No, I was thinking of UIs that are information-dense and allow quickly scanning across long threads and thousands of messages, e.g. https://usenet-abc.de/wiki/uploads/Team/Sylpheed2.7.1_big.jpg
Interesting! Projects like https://sensor.community/ might be willing to collect such data.
First you release something, wait until it is widely adopted and then add ways to control users or capture their data, for example host contents on a CDN you control, or add paid extras, or switch license for later releases. All of these examples happened in the past. The good old embrace-extend-lock-in.
I’m surprised the author did not mention NNTP, the protocol that ran the largest federated discussion system since 1986.
ActivityPub reinvented NNTP with less efficiency and very poor documentation.
makes me lose faith in Debian as an organisation
AFAIK this person has also been banned by FOSDEM and FSFE and others so I would take his statement with a pinch of salt before blaming Debian:
https://lwn.net/Articles/888204/ https://fsfe.org/about/legal/minutes/minutes-2019-10-12.en.pdf https://openlabs.cc/en/statement-we-have-been-a-target-of-disinformation-efforts-our-initial-reaction/
While the article provides a good description of fuzzing, static analysis etc., it focuses only on a set of threats and mitigations. There is much more:
I agree that claiming that something is secure just because it’s FLOSS is an oversimplification. Security is a much bigger and broader process than just analyzing a binary or some sources.
The tables here are more clear: https://en.wikipedia.org/wiki/Free-software_license#Comparison
This sounds very much like a smear piece. For a list of projects receiving funding see: https://en.wikipedia.org/wiki/Linux_Foundation
The article is indeed one-sided and often makes exaggerated claims.
One example: "This is in contrast to a rolling release model, in which users can update as soon as the software is released, thereby acquiring all security fixes up to that point."
This ignores the fact that new releases are the only source of new vulnerabilities.
Plus, new vulnerabilities are still to be reported. A 0-day in the wild is usually worse than a published vulnerability: at least you can learn about the latter and take decisions on how to handle it.
These statements can be profoundly misleading when taken without context.
Security is complex and multi-faceted. It needs to be understood with the proper context:
The majority of security breaches are surprisingly low-tech (phishing, guessable password…, stalkerware, built-in telemetries)
Without context, an article that goes “Linux being secure is a common misconception in the security and privacy realm.” can easily fuel FUD.
Hurd or not, we need a new kernel. Linux is showing its limits around security and modularity. Writing drivers is difficult and error-prone, and users need to trust drivers not to introduce vulnerabilities. Vendors often refuse to write drivers or to write them well enough to be accepted into mainline Linux. Also, Linux and Hurd are not under GPLv3.
No, you are confusing flatpak with sandboxing. Sandboxing is a good thing. You don’t need flatpak to implement sandboxing. Additionally, good sandboxing has to be configured by trusted 3rd parties, like package maintainers, not by upstream developers, because the latter creates a conflict of interest.