Where did you get this idea?

I didn’t knew about Microsoft taking over the fsf either, and I am getting concerned about the real freedom behind my beloved Linux.

I think you are confusing FSF with the Linux Foundation, and you can see MS as part of the platinum LF members. Was that it, or you really meant FSF?

If you have installed wlroots, that’s why. Wlroots has a hard dependency on libseatd, which is provided by seatd. Labwc also directly depends on it. Sway as well can use seatd as both documented by sway itself, and its arch wiki, but for some reason it doesn’t directly depend on it, though it depends on wlroots, :). This is not a problem on arch since the seatd service can co-exist with logind/systemd, and on arch you can use the seatd service combined with libseatd for software build on top of libseatd, and users on arch can then choose between seatd or policy kit on that software. On other non systemd distros like artix, the seatd daemon is in conflict with logind (on artix it’s extracted from systemd), precisely because you can get away without logind as long as you use acpid to provide some of the functionality logind also provides besides session administration. Not sure if besides wlroots on archthere’s additional software depending on seatd. Several wayland compositors are based on wlroots, which attempts to somehow offer a standard for compositor and applications developers.

So it might be xdg-desktop-portal behaves differently for sandboxed apps such as flatpak ones than regular apps, hmm. So I’d still like to know how required d-bus is…

Thanks a lot !

Have you explore hyprland, niri (scrollable, not dynamic, but it’s sort of dynamic then) or sway (static tiling though, but offering tabbed layout and dynamic stacking/floating, plus hugely customizable)? Did you discard them because not close enough to bspwm? Just curious, not to judge your decision or anything like that.

Being an artix user, are you using logind (the official default), or just seatd, or the new logind alternative turnstile (not supported by all init systems, looks like only dinit which I use and openrc, tough void has it working with runit I believe)? I’m wondering what’s really required on wayland. I like the approach of just seatd, but I don’t know what one would lose and what are the wins, but if not seat alone then turnstile which actually require seatd. Also I would like to drop calling d-bus, but I’m not sure if that would prevent the compositor to work, but further if screen sharing with webrtc, electron apps like slack or teams-for-linux would stop working. I guess not using d-bus would not affect mako. But any ways, I’m curious of what would be you choice for your wayland experience if/when you get into it. The official and default way is just logind plus d-bus plus polkit. For such sharing xdg-desktop-portal is required, which fundamentally seems to be plumbing of d-bus, but I’m not sure…

BTW, from the blog post referenced, dudemanguy is also the mpv developer, so that requires quite a lot of effort (mpv specially on the support side of things, besides the developing effort, particularly to support wayland, and mpv does for some time now) together with artix effort. I’m glad he’s back writing, :)

Hey, sorry to take adantage of your answer, perhaps you can help me out though.

Is dbus actually necessary for xdg-desktop-portal? I understand from this flatpak post that xdg-desktop-portal is actually a bunch of d-bus interconnections, which of course make d-bus fundamental for xdg-desktop-portal, but wanted to confirm. xdg-desktop-portal is a must on wayland if one wants to share screen through webrtc, or electron apps like slack or teams-for-linux (probably zoom which is Qt as well). But I’ve read some people (this for example) start sway from console without d-bus, without logind/systemd, just seatd on the background (wlroots and sway support seatd). So perhaps those people are not interested on sharing screen, I don’t know. Or perhaps such d-bus plumbing is only required for flatpaks apps, which are sandboxed, thus requiring all that interconnection to access resources and such, and then I’m not sure about a thing…

Thanks !

BTW, just in case, not only the system configs are inmutable on Guix, the root/system directory is also read-only making it an inmutable distribution. So the argument that the Guix system is not inmutable is not correct. There are many places clearly stating that, but the itsfoss 12 inmutable linux distributions is one of them, and by its definition of inmutable:

An immutable distro ensures that the operating system’s core remains unchanged. The root file system for an immutable distro remains read-only, making it possible to stay the same across multiple instances.

So Guix is actually an unmutable distribution. But moreover, it’s much more than that.

I second xmpp + omemo, and would caution that as far as I can remember matrix leaks significant metadata when syncing between instances/services.

As a personal decision I got away from signal (molly in fact) more than a year ago.

I’m also keep jami working with my family, particularly for things not requiring immediate response. It’s a different beast, since it’s p2p, but there’s no server associated to it, no matter if decentralized or not. It’s easy as well, just not as responsive, in particular if looking for immediate responses… I like and keep both, hoping jami improves.

Ohh, I understand now what you’re saying. LOS (upstream) finally allowed uG to work on their images, though not pre-installed with them, it’s mentioned on LOS4uG FAQ, see question Why do we need a custom build of LineageOS to have microG? Can’t I install microG on the official LineageOS?, the answer includes a couple of references to LOS MRs. I was not aware of that, and that makes all derived ROMs inherit such ability from upstream LOS, including divestOS, so now I see what you were talking about. The answer in that FAQ doesn’t indicate that the official F-Droid client can be installed, and even better neither it or it’s lighter official client (that one never supported privileged extension) require privileged extensions to install apps in the background, so no need to install such extension through adb, and once installed the F-Droid client, one can add the microG repo to keep the uG apps up to date. Therefore no need for LOS4uG actually.

The sad thing is that divestOS images/ROMs are no more, since divestOS is dead. I hope LOS ports divestOS’ boot locking/unlocking mechanism from the still available divestOS repos, that would make LOS even better.

The other sad thing is that as LOS4uG signs with its own keys, different than the LOS ones, once you start with such images, unless you can backup everything, apps, apps settings and contents, LOS settings, and so on, without a google account, you’ll have to keep using it, until you change phone, or you are OK with a factory reset and having to set everything again, since moving to LOS implies different signatures and keys, which in turn implies factory reset and further cleanup to make the image work, :( That holds true if wanting to move to divestOS images as well.

Sorry I didn’t understand what you were saying. I’ve been using LOS before it was named like that (cyanogen), and as far as I can remember when uG showed up, LOS decided it didn’t want to support it, and it was until early last year that it decided to finally allow it, though not helping a bit providing it pre-installed, which is fine, because then the user can get to it, or rather Gapps. So I never read back about LOS criteria changing…

What do you suggest? If they get forced to use something encrypted, they won’t choose XMPP for sure, most probably something like whatsapp or telegram.

Being forced to use non standard protocols, and specially non federated ones is also a concern. Where I live, it’s assumed that all clients/users must use whatsapp, so they don’t answer your questions, you can’t ask them anything, you can’t share any doc with them if in need for support, it it’s not through whatsapp. And everyone seems happy with it.

e2ee by itself is not enough for privacy, metadata counts, and on proprietary communication systems one doesn’t even have a clue what data is mined by the company/owners or even worse if they have non disclosed mechanisms to do that or even worse to introduce back doors.

If I’d suggest something, that would be a standard and federated protocol with e2ee like xmpp + omemo. But again, I’d be naive to assume that’s a possibility, if forced to do something corporations will choose what’s more convenient to them not to the user, and that usually translates into proprietary abusive mechanisms.

Now about nerds using gnuPG/openPGP keys, ohh well, thunderbird chose what to me is the wrong path of not using gnuPG underneath (now by default all keys are exposed unencrypted, unless you choose to use TB’s master password for example, between several other limitations, the good thing is that there’s sequoia-octopus-librnp to the rescue), but that path allows them to offer a really easy way for users to interact with openPGP keys. On Android K9, now a days Thunderbird, has made it really easy as well to use gnuPG/openPGP keys when accompanied with openkeychain for example. There’s nothing obscure neither truly complex about current gnuPG/openPGP usage these days. I would agree like 15 years back one really needed to learn how to maintain the gnuPG keyring, how to add and manage public keys and how to manage your own private keys. But even then there was Enigmail, which after TB chose that path turned into just a shell to help move from Enigmail to the chosen TB’s librnp way, and Enigmail made it really easy to do all that gnuPG stuff. Besides thunderbird, which I wouldn’t say is a nerdy thing, there were/are several other easy alternatives to use and handle gnuPG/openPGP keys. So, not really nerdy, I’d think just willing to go a bit beyond what the corporations offer you, for “your own convenience”. But how many people even care? I’d say we’re a sleepy society, accepting everything imposed to us, even when there’s no need to, because of the hassle to look for truly privacy respectful, security respectful (from the user perspective, not just the corporations perspective), and also really important user liberties/freedom respectful, which Today’s corporations with the help of some communities and the banning culture we all embraced, have been successful in convincing us that’s unnecessary in favor of more “practical” alternatives, including proprietary ones…

Well, I think you already mentioned the key thing about encrypting disks. It’s not about protections when the block device is already decrypted and the filesystem already mount. At that point your disks are decrypted and anyone with or without physical access to your device, if gaining any access to it you’re toast. That’s true, but that’s not what disks encryption help you with, and you already mentioned. If you turn off your device, and someone steals it, or gains access to it, they can’t look at your contents, that’s it. That wouldn’t prevent malicious people, to instead plant something through UEFI for example, and you are right about that case. And if you never turn off your computer, and just do sleep to memory, then you depend on how strong your password is, or any other authentication mechanism you have…

Can you explain why if someone get access to your encrypted disk, they would have access to its contents?

Phoenix is not a browser, is it? AFAIK it’s a similar user.js to Arkenfox… They claim to be better, and have their on comparison, but I don’t know:

https://codeberg.org/celenity/Phoenix/wiki/Comparison

Arkenfox has been like the default user.js for privacy… Perhaps phoenix already is better…

Well it’s a bit confusing. On Guix’ wiki General features you can read:

Guix keeps track of these references automatically so that installed packages can be garbage collected when no other package depends on them - at the cost of greater storage requirements, all upgrades in Guix are guaranteed to be both atomic and can be rolled back.

The roll-back feature of Guix is inherited from the design of Nix and is rarely found in other operating systems, since it requires an unorthodox approach to how the system should function (see MicroOS).

And then on its wiki Guix System (operating system) Roll-back you can read:

This is accomplished by a combination of Guix’s functional package manager, which treats each package and system configuration as an immutable and reproducible entity,[58] and the generation system which maintains a history of system configurations as “generations.”

So the system configurations on a Guix system are actually immutable, as opposed to regular gnu+linux distributions, which can change the system configuration on the fly. What else is immutable on Guix, I can’t tell, but at least you can not change its system configs. What is atomic is the upgrades.

I’m not sure, but as Guix borrowed these properties from Nix, I’d think this applies to Nix as well.

In other words, at least the Guix system has immutable components. And further, the system config which is immutable, is also declarative. Combining those two things might be intimidating, since it’s not like on the fly one can go and change the system config, which might be required when debugging some misbehavior, and it’s what most distros document, then one needs to learn about guile, and a bit about functional programming I guess or at least their basics… Deploying systems might take advantage of such declarative configurations though…

Regarding omemo, dino is getting there, see its closed issue 1609. Not sure why it has taken them too long for a new release, but they have the stuff already merged.

Ups, I just got to enjoy piped and in particular pipeline on gnu+linux and libretube on AOSP.

Pipeline in particular allows to totally avoid electron (freetube), and in both cases the piped instance is the one communicating with youtube, not me, :) And both applications support sponsorblock (tubular does, but newpipe doesn’t). But not talking directly to youtube is a win. Did I mention dropping another electron app, :) ?

But… I installed pipeline from AUR, because I don’t like flatpak… Not sure if other user repos offer it as well…

I’m interested on what changed that make it differ from Mull in a non recommended way. Are you referring to their 1st MR? where they outline:

• Replaced Arkenfox & Brace preferences with ones from Phoenix 2025.01.06.1…
• Added support for Google Safe Browsing (Safe Browsing is disabled by default and can be enabled by setting the following preferences to true in about:config)

I understand Mull was using arkenfox which is sort of the go-to reference, and now ironfox move to phoenix. The safe browsing is the same approach Librewolf follows, though I don’t like their comment on a proxy. I don’t like their choice of the brave search engine, but I always replace that with searxng tweaked a bit.

The MR doc doesn’t look too terrible, but don’t know about the changes themselves.

As mentione SMS is by no means secure, and although silence hadn’t gotten any update, still works as a champ on Android 15.

What works for me is freetube on desktop, and tubular/newpipe on AOSP.

https://gitlab.com/ironfox-oss/IronFox/-/issues/7

https://gitlab.com/fdroid/fdroiddata/-/issues/3457

Ohh, so it changed for being webkit, to be a FF based browser. At any rate Librewolf keep being like the closest, FF but with better defaults, and without the need to configure the arkenfox stuff.

It’s a webkit engine based browser, actually it uses webkitgtk. Now webkit is the engine on which safari (apple) is based as well, and it’s been there for some time. blink, which is what chromium based browsers use, is a fork from webkit with its own extras.

So it all depends, chromium based browsers are all blink engine based browsers, which are pretty related to webkit engine based browsers (midori is not the only one BTW). As well as there are a ton of blink based utilities such the electron ones (chromium in disguise), there are still quite a bit based on webkit, specially gtk applications.

gecko as opposed to the other major web engines never had some sort of toolkit that would make it easier for other applications than the mozilla ones to be based on it, and it seems there will never be such toolkit, even less with the dominance of blink based browsers and applications, and in a lesser way but still high use webkit applications and browsers.

If looking for actual alternatives to what dominates the market, I believe gecko is the option at the moment, and if the FF defaults are unsane, I’d strongly suggest using Librewolf, which is essence is FF with much better defaults, it partially uses arkenfox configs, but it’s independent and has its own decisions, and also removes very few blobs like pocket at build time.

Eventually servo might become the web engine to look for, and perhaps verso the web browser based on servo. But they are still in early stages as to be considered for day to day regular use. I’m not sure if servo is both a web engine and also offers itself as a toolkit so other applications besides a web browser can be based on it, similar to webkit or blink, but I believe that’s not the case, at least not yet, though I wouldn’t put my hands on fire for this, :).

Bottom line, you might want to take a look at Librewolf.

Unfortunately divestOS is retiring, and Mull, something like Librewolf but for AOSP based devices, has ceased development. I’m really hoping someone capable of forking it does it…