Wonderfall @wonderfall@mastoid.dev

I've been working on improving a theme for Hugo and I don't understand why JS is widely used for things pure CSS can do. Sometimes it can feel a bit hacky but I'd rather have that over JS.

😎

Inline JS is cancer.

https://github.com/kata-containers/kata-containers/tree/main/src/tools/runk

Another OCI runtime "written in Rust".

Malgré que je sois retombé malade alors que j'ai eu la crève il y a à peine un mois (bien mes anticorps en mousse), j'ai pu faire cet article : https://wonderfall.space/storage-scopes/

En espérant que ce soit assez clair, sinon je peux toujours le modifier. Peace

Here's an example: Tachiyomi is a popular manga reader app with offline features that need the invasive WRITE_EXTERNAL_STORAGE permission. It doesn't need that obviously, and should use scoped storage features + SAF. This isn't a problem with Storage Scopes. :)

Enter Storage Scopes! When you enable the feature for a given app, it will think it has the necessary access to files/media, but it only has access to its own, well, storage scope. Furthermore, you can manually add directories/files access with the system picker, much like SAF.

User profiles were already a powerful to compartmentalize apps further. The same app sandbox rules apply, but you didn't have to fear granting such invasive permissions on a profile w/o your data on it and w/ different encryption keys.

Powerful, but sometimes cumbersome.

A new killer feature for GrapheneOS: Storage Scopes. Ever wondered why an app asked for invasive files/media access without really needing it?

While modern apps rely on scoped storage + SAF, most legacy apps have an invasive approach, and even modern apps can misuse permissions.

Here's a vulgarized French article I wrote about just-in-time compilation and its shortcomings: https://wonderfall.space/just-in-time/

https://apple.com/uk/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/

That's huge for iOS security! And Safari might suck less:

> Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

What do you use for a simple SMTP server? Don't feel like maintaining a Postfix server just for notifications, etc.

(Could be a free or very cheap service)

J'ai publié un nouvel édito, pour parler un peu de tout ou rien : https://wonderfall.space/petit-edito/

Sorry if that was a bit inflammatory. I'm very tired and stressed about a lot of stuff and dealing with misinformation (because that's what's it should be called, not an opinion) is the last thing I want to do right now.

More context: Bromite and Vanadium used to share code together, not so much on the Vanadium-side recently due to licensing issues. But this wasn't a huge issue and GrapheneOS had no problem with Bromite.

It's a problem when the abusers are reusing code from Bromite which was made by GrapheneOS contributors and community members. A bit of decency is required.

Really sad CalyxOS decided to fuck things up between Bromite and GrapheneOS. Context: https://github.com/bromite/bromite/pull/2102

I get what the Bromite devs are trying to say, but you can't just take a neutral stance by refusing to see evidences of abuse. Claims are ready to be backed up by evidences, these are not just random claims.

Bromite is a project I used to like, although I don't use it nowadays. I still hope this is a huge misunderstanding.

Pixel 6 is going to support exFAT. 👀