All of this is really confusing, because PeerTube lets you download .torrent files, but the torrent client needs to support WebTorrent.

Oh I didn’t realize that it’s a different protocol. I thought WebTorrent was just an implementation of BT that could run in the browser. PeerTube uses normal BitTorrent though.

What PeerTube is BT based

Yes it is. But it seems like they try to hide it from the user for some reason. This is the process for getting a .torrent file from PeerTube. When on the video page, click on the three dots, then click on Download and select torrent file instead of direct download. You’ll get a download link like this: https://tilvids.com/download/torrents/3869f4ed-ba37-42a9-9876-22ed8f364a9a-1080-hls.torrent

This is the torrent for this video btw: https://tilvids.com/w/dAeCyhu6MArtNvm6iCQD9D

I think they should make the torrent option much more prominent, and also add support for Magnet links, which are easier and more convenient to share than .torrent files.

can you just seed the normal torrent files to help

As far as I know, yes.

When you watch a video using the PeerTube web UI, you can see the number of peers in the bottom right corner, next to the fullscreen button. If you hover over it, you see how much you streamed from the PeerTube server, and how much from peers. Apparently the PeerTube web UI also acts as a torrent seed (presumably using WebTorrent), but it never worked for me (probably because my browser is always behind a VPN).

At least integrating PeerTube with something like LiberaPay or Open Collective would help somewhat with creator monetization. The platform itself still needs to make money somehow, which is pretty complicated with large video files and many concurrent streams in high resolution and bitrate. I think PeerTube shouldn’t try to hide the fact that it’s based on the BitTorrent protocol, maybe that way more people would download torrent files for videos and seed them on their servers or personal machines using a simple torrent client, instead of requiring them to spin up a full PeerTube instance and setting up federation.

God damn, Lemmy really needs to start supporting polls, just like Mastodon

I know that this doesn’t apply to everyone, but if you only need Steam for the authenticator, there is a better alternative: https://help.ente.io/auth/migration-guides/steam/

You can use the steamguard CLI tool to extract the 2FA seed, and import it in a FOSS TOTP app like Aegis or ente Auth

Wasn’t that already the case for the previous 2 models?

Read the GNU definition of it:

The first part of it correctly explains that the only non-FOSS parts are firmware. The rest of it is unfortunately bullshit, because it claims that because GrapheneOS includes an optional method for installing Google services it’s not degoogled. This makes absolutely no sense, by default there are no Google apps/services at all present on GrapheneOS and it never connects to Google servers. But yes, except for some required firmware GrapheneOS is fully FOSS.

It’s not on F-Droid, they have their custom F-Droid repository but that doesn’t really mean anything. Anyone can put any app in a custom F-Droid repo, it doesn’t have any meaning in regard to FOSS licensing or user freedom.

Debian if you are new to Linux servers and self-hosting. Alpine if you get more advanced and just want something very light-weight and minimal.

It’s impossible to brick a Pixel while flashing GrapheneOS, thanks to their super easy to use Web-based installer, and Google’s great support for alternative operating systems, which also makes the installation process easier and safer.
If you mess anything up, you can always restart from the beginning and get it fixed. You can’t break a Pixel during flashing.

Is your device supported by DivestOS? https://divestos.org/pages/devices

Can’t say that I’m surprised

So it knows about all metadata

Metadata is encrypted on the client-side using Signal’s sealed sender implementation. The client also removes as much metadata as possible. All of this is open-source and happens in the client application.

plus registration with phone number

Signal doesn’t store phone numbers. It derives a user id from your phone number along with other parameters. It’s in the open-source server code, you can check it out yourself.

you need to use the client built by Signal

No you don’t. I myself use a fork of Signal called Molly.

with dependencies from Google Services and the like

Not true again. You don’t need to use the official binary that includes Google libraries. These aren’t required for the app to function. You can use Signal-FOSS or Molly-FOSS, and it works just fine.

and you can’t use one built from the source they provide

If this was true, forks like Signal-FOSS or Molly wouldn’t exist.

Which at that point means they can introduce whatever they want in whichever version.

Stupid conclusion, because all of your previous points are false

Stop spreading false information, focus on the facts.

Sorry man. I really need to read the entire thread carefully. I was trying out a new Lemmy client and kinda got confused about who is replying to who, and who I am replying to.

Running third-party code with root privileges is absolutely not a good idea. It completely breaks the Android security model. Android (as well as basically any modern, secure mobile OS) is built on and designed around the principle of least privilege. microG also bypasses SELinux MAC policies, which makes it even less secure, increasing attack surface and potentially making it easier to exploit.

Until Graphene OS pulls a Crowdstrike…

This is just pure speculation about a theoretical possibility and no counterargument to the fact that CalyxOS repeatedly missed important patches for months. Stuff can go wrong in any software release, including billion-dollar companies like Crowdstrike. Software is still written by humans, which have a very natural behavior of making mistakes. But please show me one broken GrapheneOS release from the past decade. This argument just makes no sense.

GrapheneOS always goes through extensive (including automated) testing before releasing anything. As I have explained many times, these guys actually focus on quality, security and reliability. Also, we’re talking about ASB patches that are provided by AOSP, so if something goes wrong, not just GrapheneOS will be broken, it would affect all AOSP-based systems that deliver updates in a timely manner (Calyx of course not included, they don’t give a fuck about delivering updates in a reasonable time)

They deliver patches within a month. I don’t think there is that many critical vulnerabilities as AOSP has a small attack surface by design.

I really recommend reading more about Android Security Bulletins.

Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.

Obviously. But they also never claimed that. They at least do the bare minimum of delivering patches in a timely manner. CalyxOS takes a month, while GrapheneOS almost always does it on the same day. There is no excuse for taking a month to do this, unless you don’t really care about the security of your users, and you are misleading them, and giving them a false sense of security.

Signal having the server code closed source for more than a year so the Signal devs could get a headstart and insider knowledge

That argument makes absolutely no sense. This server-side code does almost nothing. The only task it really has is passing around encrypted packets between clients. All of the encryption is client-side, of course including metadata encryption. That’s how end-to-end encryption works. The server code really doesn’t matter. The Signal protocol, which is used for client-side, local, on-device end-to-end encryption has always been fully open, and it can be used by any app/platform.

How one can trust Signal after them showcasing what they truly stand for is mind blowing

It’s very simple. The client is open source, and the encryption happens locally within the client application. You don’t need to trust anything or anyone except for the code and mathematics, which are fully open, so you can verify them yourself.

It’s mind-boggling how people attempt to spread so much misinformation while having absolutely no understanding of the topic their talking about.

Matrix lacks metadata encryption