I've been working on improving a theme for Hugo and I don't understand why JS is widely used for things pure CSS can do. Sometimes it can feel a bit hacky but I'd rather have that over JS.

Malgré que je sois retombé malade alors que j'ai eu la crève il y a à peine un mois (bien mes anticorps en mousse), j'ai pu faire cet article : wonderfall.space/storage-scope

En espérant que ce soit assez clair, sinon je peux toujours le modifier. Peace

Here's an example: Tachiyomi is a popular manga reader app with offline features that need the invasive WRITE_EXTERNAL_STORAGE permission. It doesn't need that obviously, and should use scoped storage features + SAF. This isn't a problem with Storage Scopes. :)

Show thread

Enter Storage Scopes! When you enable the feature for a given app, it will think it has the necessary access to files/media, but it only has access to its own, well, storage scope. Furthermore, you can manually add directories/files access with the system picker, much like SAF.

Show thread

User profiles were already a powerful to compartmentalize apps further. The same app sandbox rules apply, but you didn't have to fear granting such invasive permissions on a profile w/o your data on it and w/ different encryption keys.

Powerful, but sometimes cumbersome.

Show thread

A new killer feature for GrapheneOS: Storage Scopes. Ever wondered why an app asked for invasive files/media access without really needing it?

While modern apps rely on scoped storage + SAF, most legacy apps have an invasive approach, and even modern apps can misuse permissions.

Here's a vulgarized French article I wrote about just-in-time compilation and its shortcomings: wonderfall.space/just-in-time/

Show thread


That's huge for iOS security! And Safari might suck less:

> Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

What do you use for a simple SMTP server? Don't feel like maintaining a Postfix server just for notifications, etc.

(Could be a free or very cheap service)

J'ai publié un nouvel édito, pour parler un peu de tout ou rien : wonderfall.space/petit-edito/

Wonderfall boosted
Daily reminder that uptime dick-measuring contests are useless at best and harmful at worst.

You should reboot for kernel, init, and maybe libc updates. Don't live-patch if you don't absolutely need to.
Wonderfall boosted
Wonderfall boosted

I've been working mostly on Accrescent client improvements lately, so I thought I'd give you all an update on apkstat, the APK parsing library I'm writing in Go for the developer portal: https://github.com/accrescent/meta/issues/7#issuecomment-1163723982.

In short, progress is going very well and there's a clear path forward for increasing robustness and achieving parity with upstream.

I believe apkstat is already better than
https://github.com/shogo82148/androidbinary (which was very helpful in getting apkstat off the ground btw).

Sorry if that was a bit inflammatory. I'm very tired and stressed about a lot of stuff and dealing with misinformation (because that's what's it should be called, not an opinion) is the last thing I want to do right now.

More context: Bromite and Vanadium used to share code together, not so much on the Vanadium-side recently due to licensing issues. But this wasn't a huge issue and GrapheneOS had no problem with Bromite.

It's a problem when the abusers are reusing code from Bromite which was made by GrapheneOS contributors and community members. A bit of decency is required.

Show thread

Really sad CalyxOS decided to fuck things up between Bromite and GrapheneOS. Context: github.com/bromite/bromite/pul

I get what the Bromite devs are trying to say, but you can't just take a neutral stance by refusing to see evidences of abuse. Claims are ready to be backed up by evidences, these are not just random claims.

Bromite is a project I used to like, although I don't use it nowadays. I still hope this is a huge misunderstanding.

Show older

Just another single-user instance.