• 0 Posts
  • 6 Comments
Joined 2 years ago
cake
Cake day: June 20th, 2023

help-circle

  • tripflag@lemmy.worldtoSelfhosted@lemmy.worldPewDiePie: I'm DONE with Google
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    12 days ago

    in that case I would feel comfortable going with a refurb like theloweststone mentioned; pixels are the only(?) android devices which let you swap out the bootloader in a safe manner, so even a phone that’s been in shady hands should be fine if the boot hash matches. And if you know another person with graphene you can do the attestation just to be certain.

    but since the future of GrapheneOS is slightly shaky at the moment, I’ve looking at alternatives for when my current device inevitably bites the dust – fairphone and pinephone both look like decent choices at first glance. It’s an unfortunate situation but just gotta roll with it!



  • So for example if you updated the file and need to re-upload it, there is no way for you to delete the previous one.

    if this is something you’d fancy then copyparty might be worth a look – it lets uploaders undo their own uploads within a configurable timeframe, even in folders where they only have write-only access (the ability to upload files without seeing existing files).

    disclaimer: I’m the author – and also thrilled to see someone else suggesting it in the thread!


  • So I realize the following does not directly apply in this specific case, since we are talking about a full android app. But in general, there are strictly technical limitations which absolutely requires you to use https. This for example applies to PWA’s, and it also applies to apps which are WebView-based.

    Basically the w3c is disagreeing with you; there are several important javascript features which are forcefully disabled if you are not connecting over https. This is a decision made by the webbrowser itself, and not something you or the dev can disable or otherwise avoid.

    For example, it is impossible to use the browser’s built-in api for getting the sha512 hash of a file, which is why i had to go through great pains to do that in other suboptimal ways in one selfhosted service i made. Most devs rightfully wouldn’t bother, since those restrictions are arbitrary and effectively pointless, as there are (usually painful) workarounds.

    List of features which require https: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts


  • It depends who you ask (which we can already tell hehe), but I’d say YES, because you’re the one running the show – you’re free to grab all of your bits and pieces at any time, and move to a different provider. That flexibility of not being locked into one specific cloud service (which can suddenly take a bad turn) is what’s precious to me.

    And on a related note, I also make sure that this applies to my software-stack too – I’m not running anything that would be annoying to swap out if it turns bad.