Chris Vogel shared 7 days ago
New year, new release candidate!
We've tagged #Phosh 0.52~rc1 together with #feedbackd 0.8.8, gmobile #0.6.0 and #pfs 0.0.6 . pfs now ships a simple example file selector app, excuse the logo but we were thinking about a mobile file cabinet:
Happy 2️⃣0️⃣2️⃣6️⃣ everyone!
Chris Vogel shared 25 days ago
@spipau @tbernard Thus, rather than forking Android, we'd be better advised not to build on top of AOSP and instead use the free software platforms we already have as a basis, making use of the huge amount of developer effort and research put into free software Linux distributions and apps running on them, and making that available to smartphones.
@postmarketOS is laying the groundwork here and initiatives like @modal are pushing to build the remaining pieces to have something that can compete.
Chris Vogel shared 25 days ago@spipau @tbernard microG could be continued without me. There are other contributors and certainly enough developers that could contribute. But that is because microG is a free software community project.
Android in contrast is exclusively developed by Google. AOSP is merely a code dump, it's almost impossible for non-Googlers to contribute to Android or AOSP. Even if you were to fork it, you won't have the necessary developer and security researcher power to compete.
Chris Vogel shared 27 days agoA often requested feature was the ability to change brightness on the lockscreen without having to pull down the settings menu. This can be useful in changing ambient conditions when not using automatic brightness. #Phosh 0.52 will have a two finger swipe gesture for that:
Chris Vogel shared a month ago
The #flohmarkt features we are most proud of are:
* We overthrew the geographical concept for an entirely new one.
* We offer you new ways to authenticate yourself than just username/password (Fediauth and LDAP)
* and much, much more…
Stay tuned :)
Chris Vogel shared a month ago
Chris Vogel shared a month ago
My friend seems genuinely baffled that I am an AI researcher who refuses to use AI! Not only that, but I argue against it from theory, not experience. Why don't I just give it a try for a while, and see what it's really about before I judge it?
I guess I see where he's coming from. Part of the problem is the word "AI." LLMs are not my research focus, so it's less of a contradiction than it sounds. But I admit, being a non-user makes my arguments against LLMs less credible.
I just don't understand why I owe it to anybody to give AI a shot. I know how LLMs work in gory detail, and I don't trust them. I've seen the mediocre work they produce. I've read studies about the seductive illusion of competence and caring they create, and how people fall for that. I know it's all built on an incredibly exploitative business model.
I feel entirely justified in not giving them a chance. I guess I'm just as baffled by how badly he wants me to try it, and how sure he seems to be that it would change my mind.
Chris Vogel shared a month agoWow, #phosh got a mention from #ACLU . Thanks @nikodunk for letting us know: https://www.aclu.org/news/free-speech/app-store-oligopoly
Chris Vogel shared a month ago#ldap integration in #flohmarkt is coming along great! We now have a full user lifecycle support implemented :)
Chris Vogel shared a month ago
We've released a new version of mobile-broadband-provider info. Besides updated provider info and more #cellbroadcast channel information we also added emergency number information:
https://gitlab.gnome.org/GNOME/mobile-broadband-provider-info/-/releases/20251101
Hey @ruud@mastodon.world - welcome amongst the #flohmarkts of the world!
Thanks for your ping about the installation in 
Netherlands.
I added you to the list of known instances on the wiki and sent you a federation request.
addressing a passerby: Uh, hey, nice to meet you! You're running a flohmarkt as well? You'd like to have some more visibility and reach? Come on - let's federate!
Chris Vogel shared a month ago
@me I created a new #flohmarkt instance: https://flomarkt.nl
I need to finish some configuration and then I'll open registrations. You can add it to the wiki.
Chris Vogel shared 2 months ago#flohmarkt geographic sorting and search is nearing completion and will be available in the next release :)
Hey #flohmis! I just installed the new #yunohost package #flohmarkt 0.12.1~ynh3.
The flohmarkt code stays the same. @grindhold@23.social researched the issue that after upgrades to flohmarkt the clients needed to force reload the frontend.
To circumvent the problem nginx now adds a header to control caching. **Thanks for the PR to the yunohost integration repo by @grindhold@23.social!
The testing environment of #yunhost found an issue with using add_header in nested nginx-configurations and delivered a reference: https://www.peterbe.com/plog/be-very-careful-with-your-add_header-in-nginx
Thanks to the great work of all the yunohost contributers for that great testing environment!
The newer package can be updated or installed from the yunohost app store.
Chris Vogel shared 2 months agoSave the dates: We're having an online community get together at 2025-11-18 and an offline one at @datenburg at 2025-12-04 . Everyone interested in #Phosh and the @ev is invited to drop by and chat. Hope to see you there.
Chris Vogel shared 2 months ago
one of the most comprehensive explanations of SGX I have read cam be found here: https://eprint.iacr.org/2016/086.pdf
From the download counter on the release page at codeberg I estimated that there are between 30 and 40 #flohmarkt instances out there running on #yunohost.
(Who uses ZIP 
? Well, the yunohost integration does and the counter went up by the numbers shortly after publishing the latest update to the yunohost app integration.)
On the wiki we have a list of ~20 flohmarkts. The list is meant for users to choose an instance and for admins to look for other flohmarkts to federate with.
I'd like to invite everybody to drop us a line to add your flohmarkt to the wiki: either as a codeberg issue or as a fedimessage or fedipost or on #flohmarkt IRC.
And even if you'd not like to be on the wiki page: federate with others to make your small ads more visible.
#Federation enables that #SmallAds show up on the other instances an instance is federated with directly. This gives every small ad some more reach.
My impression is that federation is extremly important to make the flohmarkts more successful as an alternative to the well know centralized services.
I opened an issue to discuss how to make federating easier without forcing anyone to share more data with the world than they do with the actual version of flohmarkt.
After an outage of #Signal (caused by a problem at #AWS) @Mer__edith@mastodon.world argued that a cloud provider is needed to run a service like Signal.
I answered that a cloud provider is needed, because Signal doesn't federate (and thereby build its own so called 'cloud').
I added that I doubt that by using a cloud provider Signal doesn't leak the social graph of their accounts.
I got referred to the #PrivateContactDiscovery by @newhinton@troet.cafe designed to protect the social graph which I simplified to hashing leaving out the use of #sgx part in my post.
I stated that I wouldn't understand how one could be sure that all which is guaranteed by using SGX really is like it is promised.
The only answer by @moehrenfeld@social.karotte.org is that I indeed didn't understand "Private Contact Discovery" completely.
It's frustrating to doubt and being left in the dark about the facts.
Today I learned something new: SGX is not meant to be save against physical attacks - or to phrase it different: SGX is meant to protect data if the OS is completely compromised, but the server is under physical safety and control:
…All three chipmakers exclude physical attacks from threat models for their TEEs, also known as secure enclaves.… (Nvidia, AMD, Intel)
…“These features keep getting broken, but that doesn’t stop vendors from selling them for these use cases—and people keep believing them and spending time using them,”…
…Those making these statements run the gamut from cloud providers to AI engines, blockchain platforms, and even the chipmakers themselves. Here are some examples:…
…The maker of the Signal private messenger assures users that its use of SGX means that “keys associated with this encryption never leave the underlying CPU, so they’re not accessible to the server owners or anyone else with access to server infrastructure.” Signal has long relied on SGX to protect contact-discovery data.…
Big thanks to @kyle@kylerank.in for sharing this post by by @arstechnica@mastodon.social: https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/ !
Maybe my naïve assumption that you can only protect data on hardware you physical own and protect has not been so wrong at all.
I'd be happy to read arguments and opinions and corrections to the arstechnica article.
Chris Vogel shared 2 months ago
Coming soon to #flohmarkt: FediAuth for any kind of #ActivityPub users. Simply send a DM to a flohmarkt instance you want to login to, and you will be able to create a user and upload small/classified ads.
Chris Vogel shared 2 months ago
@me @janvlug It's time to switch to Crimson and make it just "old" rather than "very old" 😉 It was a bumpy road to Crimson, shouldn't take as long to Dawn.
The strength of PureOS is that it can be focused on a single device, so things that affect it become strong blockers. There's no way Crimson would be released without echo cancellation, or Dawn without GLES in GTK, while for Mobian or pmOS these are just some regressions that affect some device while they still move forward as a whole.