dazo

joined 2 years ago
[–] dazo@infosec.exchange 1 points 1 year ago* (last edited 1 year ago)

@unruhe @Nelizea @nailoC5

Can you elaborate more on how other distributions deviate and what the "invent" on their own?

[–] dazo@infosec.exchange 2 points 1 year ago (5 children)

@Nelizea @nailoC5

I need to look at that video (thx for the time marker). So my comment may miss his point.

If Linux is so hard, I wonder how Tresorit manages it quite nicely across multiple distros. They use fuse to mount the remote repository.

And the file attributes on files/dirs have a standardised API via libc and kernel syscalls. This is needed for the sync capabilities, to have data locally and in Drive. These APIs are identical across all distributions and are file system agnostic. Otherwise the tar command would have had a really hard challenge to be so widely useful for both file distribution as well as backups.

But I'll catch up on the video later.

[–] dazo@infosec.exchange 0 points 1 year ago (11 children)
[–] dazo@infosec.exchange 2 points 1 year ago

@case2tv @unruhe @Tutanota @protonprivacy

A while ago, I summarised my mailbox.org impression ... https://infosec.exchange/@dazo/111453908525787194

TL;DR ... Proton is way ahead of most competitors in overall user experience and ease of use, and yet providing a pretty good feature set.

[–] dazo@infosec.exchange 2 points 1 year ago* (last edited 1 year ago) (1 children)

@unruhe @protonprivacy

I thought a bit more on these complaints since this post. And I realised these complaints can also be ignored by applying some basic mathematics and common sense.

Proton has more than 100 million users by now. So let's say 100 million in this example. How many public complaints would it need to be from these users to really "catch fire"? Meaning - how often do you read about complaints and from how many users? More than 100.000 users? Okay. Let's say there are 1 million dissatisfied users.

If half of that million users complained loudly on the Internet, I would say that would probably be quite noticeable. Media would most likely pick it up, and it would brew up to media storm right?

Have you noticed anything like that? Do you see that many users complaining?

And if yes, that would still only represent 0.5% of the whole user base of Proton. If you include the other half complaining "silently", it would represent 1% of the Proton users.

That still leaves 99% users which are at least to some degree satisfied with Proton.

Even if you pull it up to 20 million dissatisfied users, they would still be in the minority compared to users finding Proton's services being just fine. And 20 million dissatisfied users - that would definitely have caused some media traction, don't you think?

[–] dazo@infosec.exchange 2 points 1 year ago

@amju_wolf

They could even have a Fedora Copr repo, where they push out the updated .spec file and get a proper package build for all Fedora, RHEL/CentOS and more distros. With proper RPM packaging and repository. Push a new build and all users gets an updated package at their next update cycle.

That's a reasonable path to get started with preparing packages to become part of the native yum/dnf repos at least. And that across a lot of distributions and releases in a single go.

[–] dazo@infosec.exchange 3 points 1 year ago (1 children)

@LunchEnjoyer

@protonmail could start by actually attending various open source conferences. There are several of them only in Europe. #FOSDEM is the largest one (actually happening this weekend), @devconf_cz is another one, with lots of #Linux distribution focus as well.

Sending HR folks and developers to these conferences, having a stand somewhere, meeting people is a solid way to find new hires with a specific skill set.

[–] dazo@infosec.exchange 2 points 1 year ago

@amju_wolf @alex_herrero

Yupp, that's my understanding as well.

But Proton also insists on doing the packaging and distribution of it outside the ordinary distribution paths Linux distros uses (apt/yum/dnf repos or flatpak) ... So they waste time and energy on getting stuff working properly across a broader range of Linux distributions.

The end result will therefore most likely be a poorer user experience where some features don't work well on some distros. Depending on how their "package" will manage to integrate on the distro installing it.

[–] dazo@infosec.exchange 1 points 1 year ago (4 children)

@isVeryLoud @LunchEnjoyer

Where did they say that? They don't even have possibilities for remote work?

[–] dazo@infosec.exchange 8 points 1 year ago (2 children)

@Prototype9215 @LunchEnjoyer @LinkOpensChest_wav

That's what really happens when @protonmail insists on doing everything on their own, not even doing the continuous development in the open. They provide source code updates only on stable releases, and even that can be delayed some days until after the release.

That's not how you build a community of users, developers and package maintainers.

Had they instead spent resources getting their Linux packages into the native package streams for the most important distros, they would have solved more bugs earlier with help from the community.

That is probably the most disappointing aspect of Proton. They still don't grasp how to interact with a broader community, to get real help.

They would still need to review contributions, just as I expect they do with changes from their own employees. So it wouldn't reduce the security.

Also, they can't really hide behind the code not being ready to be published; they code is being published in the end.

But they really miss the opportunity to get their packages into the standard Lunux repositories. Which would help resolving all the incompatibility issues they now have with certain Linux distributions.

On top of that, all the needed tooling required already exists. It just need to implemented correctly in their processes.

[–] dazo@infosec.exchange 1 points 1 year ago* (last edited 1 year ago) (3 children)

@unruhe @Tutanota @protonprivacy

Give both a shot. Both are the only ones (I know of) having zero storage access as the only option; meaning #e2ee is enforced. You may have mailbox.org as a third one (E2EE must be enabled manually there).

I ended up with Proton as I experienced it far more feature rich, flexible and mature. And the Bridge is a must for my use case. In addition, it builds on PGP which can be used to have E2EE communication with people outside of Proton. (yes, I've tried Mailvelope with Tuta; that does not work at all. And doing it manually with copy/paste and PGP in an ordinary text esitor is a waste of time and also turned out error prone one the receiving end; Tuta mails gets mangled on the way).

But if you're a very lightweight mail user, Tuta might fit your need. I generally think of Tuta more like a messenger service with SMTP transport support.

Also beware, importing mails to Tuta is still not possible (unless that has changed the last months). And exporting mails are also a mess. I have migrated one user from Tuta to Proton, and I had to manually fix mail headers to get them imported. The mail export was quite poor, tbh. It took me longer than importing a handful of users from a Zimbra server to Proton - using the same Proton Mail Import/Export tool.

Finally, I just want to mention that Tuta is a company with less than 20-30 employees, serving something like 10 million users. Proton is probably closer to 500 employees these days, serving more than 100 million users. So these organisations are quite different. Which also means they have quite different approaches for developing services further and capabilities to handle sudden challenges.

[–] dazo@infosec.exchange 7 points 1 year ago (4 children)

@unruhe @Tutanota @protonprivacy

I dunno. I more often feel people who complain loudest about poor support comes from people who want a specific outcome but gets angry when they don't get what they want and expect. And then let their steam out in social media angling it in a way that they are the victims.

And this trend isn't specific to Proton, but more as a general impression.

The best way to check the support level is to actually reach out to them with an issue and then see how they respond to you.

view more: ‹ prev next ›