as i said, it “is about to be released”.

or, one could also say that the the 3.0.0 source code has been released, but the official binaries haven’t been yet :)

edit: i see https://flathub.org/apps/org.gimp.GIMP has 3.0.0 now, and from https://testing.gimp.org/downloads/ i see that https://download.gimp.org/gimp/v3.0/linux/GIMP-3.0.0-x86_64.AppImage is also there. presumably https://www.gimp.org/downloads/ will be updated very soon.

StartPage/StartMail is owned by an adtech company who’s website boasts that they “develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners” 🤔

They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡

Could anybody in short explain, what I have to understand from “it’s tagged”?

Git is the most popular version control system, which lets developers track changes to software source code. A “tag” applies a name (or version number) to a specific point in the history.

The commit shows that there was a longer with 3.0.0 tag before and now its just 3.0.0

The link goes to a commit which is tagged GIMP_3_0_0, and shows the change made in this commit. This commit happens to change the version line in a file called meson.build - this file configures Meson, which is used to build GIMP. The version is being changed from 3.0.0-RC3+git to 3.0.0. The string “RC3” in the previous version number is short for “release candidate 3”, and “git” here means that there were additional changes since “release candidate 3” was released.

What does that tell us? :D

So far the news and downloads pages still haven’t been updated, but the version being changed to 3.0.0 and this commit being tagged tells us that GIMP 3.0.0 is about to be released: official binaries and an announcement about it can be expected to appear very soon.

The tag means no more changes will be included in 3.0.0; if some show-stopping bug were discovered now, the version number would be incremented to 3.0.1 rather than to include a fix in 3.0.0. (Technically, a tag can be updated/replaced, but by convention it is not.)

The “VP Engineering for Ubuntu” being a NixOS user is hilarious and reminds me of the CEO of Ford saying he’s been driving a Xiaomi EV “for six months now and I don’t want to give it up”.

The fact remains this article is titled in a very clickbaity way

The link is to a youtube video, not an article, so apparently you resisted taking the bait… but aren’t letting your lack of a click prevent you from commenting :)

Tuta’s product is snake oil.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

If you don’t care about their (nonstandard, incompatible, and snake oil) end-to-end encryption feature and just want a freemium email provider which (purports to) protect your privacy in other ways, the fact that their flagship feature is snake oil should still be a red flag.

Clickbait. The VP Engineering for Ubuntu made a post that he was looking into using the Rust utils for Ubuntu and has been daily driving them and encouraged others to try

It’s by no means certain this will be done.

Here is that post. It isn’t certain to happen, but he doesn’t only say that he is daily driving them. He says his goal is to make them the default in 25.10:

My immediate goal is to make uutils’ coreutils implementation the default in Ubuntu 25.10, and subsequently in our next Long Term Support (LTS) release, Ubuntu 26.04 LTS, if the conditions are right.

subtitles “fixed” in them without separate SRT file

can you turn them on and off? meaning, is there a text track embedded in the video file, or is the text actually rendered into each frame?

if the former, you can easily extract them into an SRT file (or another format) using ffmpeg: https://trac.ffmpeg.org/wiki/ExtractSubtitles

it was an unfortunate choice to make the video thumbnail include the headline the video refutes, without any indication that it is being refuted, given that presumably far more people will see the thumbnail than will watch the video 🤦

I haven’t read it yet but I’ve heard good things about The Dawn of Everything by David Graeber and David Wengrow. It’s more about early history than modern history, though.

You can buy it here or download it from libgen.

I’d like u to read nineteen eighty four and then write an argument how the practice’s of big brother have been used to indoctrinate you.

I’d like you to read Isaac Asimov’s review of 1984, followed by Orwell’s review of Mein Kampf, and finally the Orwell’s list wikipedia article, and then to ponder what you yourself might have been indoctrinated by.

deleted by creator

https://www.avclub.com/spotify-donald-trump-brunch is just one of the many reasons not to support spotify.

see https://en.wikipedia.org/wiki/Criticism_of_Spotify for lots more

I see, here is where Debian patched it out of Xpdf in 2002.

Also lmao @ the fact that Okular’s ObeyDRM option still defaults to true today 😂

(Including in Debian, as their KDE maintainer declined to carry a patch to change it.)

I trust Debian developers far more

i definitely agree with you here :)

I think it was poppler or evince that decided they were going to enforce the no-copy-and-paste bit you can set on pdfs. Debian patched it out.

I found the notion of free software implementing PDF DRM rather hilarious, so I had to know more. First I found this help page which confirms that evince does have code which implements PDF restrictions, but it says that its override_restrictions option is enabled by default.

But I wondered: when did this get implemented? and was it ever enabled by default? So, I went digging, and here are the answers:

• in May 2005, the restrictions were implemented in evince in this commit
• in September 2005, the override_restrictions option was added in this commit, after discussion in bug #305818
• in December 2006 bug #382700 was opened, requesting that override_restrictions be enabled by default
• in January 2008, the default changed in this commit - but only after someone pointed out that the PDF spec does not in fact require the restrictions to be enforced. (The spec says “It is up to the implementors of PDF consumer applications to respect the intent of the document creator by restricting user access”) 😂

I don’t see any indication that Debian patched this out during the time when evince had it enabled by default, but I’m sure they would have eventually if GNOME hadn’t come to their senses :)

I’ve seen Mozilla decide they were going to enforce their trademarks. They carved out special exceptions for various distros but that still would have meant you would have to rename Firefox if you were to fork Debian. Debian had none of it.

In my opinion both sides of the Debian–Mozilla trademark dispute were actually pretty reasonable and certainly grounded in good intentions. Fortunately they resolved it eventually, with Mozilla relaxing their restrictions in 2016 (while still reserving the right to enforce their trademark against derivatives which make modifications they find unreasonable):

Mozilla recognizes that patches applied to Iceweasel/Firefox don’t impact the quality of the product.

Patches which should be reported upstream to improve the product always have been forward upstream by the Debian packagers. Mozilla agrees about specific patches to facilitate the support of Iceweasel on architecture supported by Debian or Debian-specific patches.

More generally, Mozilla trusts the Debian packagers to use their best judgment to achieve the same quality as the official Firefox binaries.

In case of derivatives of Debian, Firefox branding can be used as long as the patches applied are in the same category as described above.

The 503 errors on lemm.ee have stopped now, but yeah they were preventing it from loading anything.

Thanks for making it free software! And also thanks for using Tauri instead of Electron for the desktop apps :)

It’s not yet fit to protect from malicious apps, but it still finds some use.

That it is “not yet fit to protect from malicious apps” is an important point which I think many people are not aware of.

This makes sandboxing something of a mixed bag; it is nice that it protects against some types of incompetent packages, and adds another barrier which attackers exploiting vulnerabilities might need to bypass, but on the other hand it creates a dangerous false sense of security today because, despite the fact that it is still relatively easy to circumvent, it it makes people feel safer (and thus more likely to) than they would be otherwise when installing possibly-malicious apps packaged by random people.

I think (and hope) it is much harder to get a malicious program included in most major distros’ main package repos than it is to break out of bubblewrap given the permissions of an average package of flathub.

Downsides of distro pacakges:

• someone needs to package an application for each distro
• applications often need to maintain support for multiple versions of some of their dependencies to be able to continue to work on multiple distros
• users of different distros use different versions of the application, creating more support work for upstream
• users of some distros can’t use the application at all because there is no package
• adding 3rd party package repos is dangerous; every package effectively gets root access, and in many cases every repo has the ability to replace any distro-provided package by including one with a higher version number. 3rd party repos bring the possibility of breaking your system through malice or incompetence.

Downsides of flatpak:

• application maintainers are responsible for shipping and updating their dependencies, and may be less competent at doing timely security updates than distro security teams
• more disk space is used by applications potentially bringing their own copies of the same dependencies

🤔