SELinux protects systems from bugs in software. Not against users with full root privileges using their own hardware.

True. But most good stuff isn’t a solution for everyone. It takes real effort to escape vendor-lockin. Bigtech made sure of that.

If something is too simple to set up or requires no set up, or comes from a for-profit company, but doesn’t cost anything, then it always suspicious.

I am just saying that the issue is not with passkey itself, but the individual implementations and that google/twitter/etc. is pushed towards regular users.

Critiquing passkey because vendor-lockin is like critiquing HTML for allowing ads.

True. But I would say that this isn’t an issue intrinsic with passkey. Many people don’t have time/energy or the attitude to think critically about technology and are herded towards Google/X-corp/etc with offers of convenience and because they are often the only offered choice on the web sites. But from the POV of passkey they just act as a password manager.

I use them with bitwarden and a self hosted vaultwarden. If my phone breaks, no issue. If my server breaks, I got local backups… Keys are stored encrypted in a postgres database for which I have access, if I need to restore it. No lock-in issue or risk of loosing access when one or two devices break.

A better, well defined API for password managers to insert login information to the site compared to text boxes.

I self host vaultwarden, and use bitwarden clients everywhere. Passkeys are stored there

Passkeys to me, are a better way to insert login information. Some developers don’t think of passwords getting automatically filled in, so this autofill sometimes breaks. Passkeys might be a improved interface to integrate password managers. Also, sometimes 2FA keys from my bitwarden client gets copied into the clipboard, which sometimes overwrites the stuff I wanted to preserve in there. This does not happen with passkeys.

I store the passkeys in my self hosted vaultwarden, they are a good replacement for auto inserting random passwords via text boxes.

You can? At least I do that. I host vaultwarden myself and store the passkeys there.

Passkeys to me are just a better way to autofill in login data.

It is too big when the density of reasons to go there and explore becomes to little.

Personally, I don’t really care for games that have huge maps just to pass through while traveling around. There needs to be a reason in the story for every place to be there.

Every village, town or city needs to be filled with quests and stories, and the space between them as well to a lesser extend. They serve as immersive distractions. They need to be alive.

The map is too big if it cannot be filled with enough stuff to explore and experience. And I don’t mean climbing yet another tower, or doing yet another variation of the same puzzle.

TBH, I am not much of a sandbox game player and the JC 2 and 3 maps looked nice, but didn’t really invite me to stay and explore a single area for a while, because the areas didn’t have much depth. I prefer a much higher density of things to do. Each village should have a couple of hours of content, exploring it and the neighboring area. And larger towns or cities even more.

I want to minimize the ‘just cruising through’ parts of maps.

Cyberpunk as well had too much dead space when it comes to stuff to do in many parts of the city. Some parts of course act as just the background for other parts, which is fine. But other parts where beautifully handcrafted and interesting, but there is not much to interact with or people to talk to there.

To me it is important to have enough content and depth that the player learns to get to know their way around a place, and gets to know characters and develop relationship with each place.

If you like sassy AI, take a look at ADA from satisfactory. She is insulting the player ins some way on every upgrade.

I don’t know what you mean by that. No country or federation in the world is self sufficient. Everyone needs global trade.

On a separate note, the BG3 native Linux version is so strange. Larian is threating the SteamDeck like a console. As if it is a bundled OS+HW system with only one available game store and only one useable OS. So they are only releasing it in steam, not on any other store. As if that means it can only be installed on SteamDeck and not on other Linux systems on different Hardware. They forget that anyone can install other Linux distributions or even windows in SteamDecks or use other game stores.

This decision is so strange, because it disadvantages people that bought the game for PC elsewhere and own a SteamDeck.

Like will they make performance patches to their games gated behind which which store the game was bought from?

I echo the criticism of the term ‘sideloading’, before it started to mean just installing software, I assumed it meant using a separate device or software on the side, like a PC with a debug interface or memory inspection tools, to inject custom code into a running system or software.

Similarly to preloading libraries into games or other software to replace functions in order to change or enhance the game or software. For instance used with script extenders or game mods. There it is ‘pre’ because the software is not running yet. ‘Side’ would be on running software.

But installing applications (the distribution doesn’t matter) is in no way side loading.

And I really hate that the press or whoever picked this term up from apple or google and ran with it without question.

And now, because that term is so strange and useless in that way, its definition keeps getting changed into whatever the industry needs in order to squeeze out more money and personal data, while taking away the freedom and rights of the owners.

Apart from questionable quality of the result, a big issue to me about LLMs is the way it substitutes human interaction with other humans. Which is one of the most fundamental way humans learn, innovate and express themselves.

No technological innovation replaced human interaction with a facsimile, that way before.

Sure, but we are talking about the US here.

Or are you all busy building tunnels and bunkers over there? Organise in your neighborhood and build local groups?

Pretty sure that if the media starts calling these guerrillas terrorists, anti-american, instigators of violence, Communists, Antifa, and so on, they will loose public support and without broad local support in the population, guerilla fighting will not work.

Afganistán and Vietnam fought guerilla against a foreign invasion. US would have to fight ‘guerilla’ against their neighbors and other Americans, against people like them… I don’t think this is comparable.

In an all out war, (which I doubt will happen) all these guns in the population don’t matter against drones, aircrafts, tanks and trained snipers or other soldiers. If the military and all other agencies decides to support Trump, all these weapons will be useless. The pentagon surely has plans for a civil uprising in their own country.

I don’t think the US has enough ordinary citizen that would actually risk their lives for democracy, to make a difference. Media and social media is controlled by the oligarchy, and even the progressives don’t seem to want to cut themselves loose of twitter, Facebook/Whatsapp, google, bluesky, discord and so on. Where would they even organize?

If it would run a open source firmware or be open source hardware, it would be nice. But they are using a non-OSI/non-FSF license, so it is not open source.

Once it passes inspection, the F-Droid build service compiles and packages the app to make it ready for distribution. The package is then signed either with F-Droid’s cryptographic key, or, if the build is reproducible, enables distribution using the original developer’s private key. In this way, users can trust that any app distributed through F-Droid is the one that was built from the specified source code and has not been tampered with.

https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html

The issue there AFAIK is that some app builds aren’t fully reproducible, because if they were the developer signature would still apply and be used. In the reproducible case the security of the build infra wouldn’t matter, because the same app would be produced the same regardless were they are build.

Without reproducible builds, you cannot really trust the software anyway, because the Dev could hook some hidden code only for the released binary app and sign that.

Na… The likelyhood of installing some bad or fake app from google play store is much higher than on fdroid.