this post was submitted on 22 Jun 2026
1 points (100.0% liked)

Free and Open Source Software

22636 readers
2 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
top 29 comments
sorted by: hot top controversial new old
[–] reallyzen@lemmy.ml 0 points 2 weeks ago (1 children)

What's wrong with Obtainium?

[–] mrsilkworm@piefed.social 0 points 2 weeks ago (1 children)

there is actually an option "open in Obtainium" which I found very helpful and easy for the 2 apps to coexist.

[–] ScoffingLizard@lemmy.dbzer0.com 0 points 2 weeks ago

What's the point?

[–] CubitOom@infosec.pub 0 points 2 weeks ago

This is interesting, but Obtainium exists and this won't stop Google from preventing installing things outside of the play store.

[–] heliotrope@retrofed.com 0 points 2 weeks ago (2 children)
[–] garden@lemmy.blahaj.zone 0 points 2 weeks ago

Thanks for the link! Even though that site is sure to fill me with endless disappointments... 🙃

[–] Sxan@piefed.zip 0 points 2 weeks ago (1 children)

If þe app did noþing else, it exposed me, via you, to Vibecoded. Now þat's a neat project.

[–] kurcatovium@piefed.social 0 points 2 weeks ago (2 children)

What the hell is that weird bp hybrid letter? From context I get that's substitute for "th", but man... It's so hard to read, at least for me as non-native. What's the point?

[–] danhab99@programming.dev 0 points 2 weeks ago

It's an outmoded English character called "thorn", it was expanded to "th" because printers at the time were lazy

[–] Vodulas@beehaw.org 0 points 2 weeks ago

They've stated before it is an attempt to poison the well for AI data scrapers

[–] solrize@lemmy.ml 0 points 2 weeks ago (1 children)

What's wrong with F-droid?

[–] artyom@piefed.social 0 points 2 weeks ago (1 children)

Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.

[–] solrize@lemmy.ml 0 points 2 weeks ago (2 children)

I don't see the point then. I can install direct from GitHub if I want that. I don't want a random intermediary that's another possible attack vector.

[–] artyom@piefed.social 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

One could say the same about the FDroid app.

[–] TehPers@beehaw.org 0 points 2 weeks ago (1 children)

FDroid's official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it's not the default flow. To use a recent example, it's like comparing the Arch official repos to AUR.

Not that there isn't value in a tool that can download apps for you from GitHub, but it's not really fair to compare that to F-Droid. You're generally safer on F-Droid's official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.

[–] artyom@piefed.social 0 points 2 weeks ago (1 children)

It's completely fair to compare on the qualities which were specified.

[–] TehPers@beehaw.org 0 points 2 weeks ago (1 children)

The qualities that were specified were security. Do you plan to actually explain how both FDroid and random GitHub downloads are equally insecure?

[–] artyom@piefed.social 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

The qualities that were specified was the ability to install the apps through the browser without the "attack vector" of an app installer.

[–] TehPers@beehaw.org 0 points 2 weeks ago (1 children)

In that case, both FDroid and the browser are intermediaries and potential attack vectors. You go through the same number of middlemen. One just verifies the packages for you.

[–] artyom@piefed.social 0 points 2 weeks ago (1 children)

So you agree that they're comparable?

[–] TehPers@beehaw.org 0 points 2 weeks ago (1 children)

If you have tunnel vision, then sure. In fact, it's just as comparable as downloading from realappmirror.ru where you have the same number of intermediaries.

[–] artyom@piefed.social 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I don't have "tunnel vision" and I don't know what that thing is. Perhaps you'd like to continue trying to explain how they're incomparable?

[–] TehPers@beehaw.org 0 points 2 weeks ago (1 children)

I already did.

If you have nothing of value to add, then I'm done discussing this.

[–] artyom@piefed.social 0 points 2 weeks ago

I have nothing to add because I've already addressed this. Now it's your turn. If you're not going to answer my question, then feel free to stop replying to me.

[–] hellmo_luciferrari@lemmy.zip 0 points 2 weeks ago

While I understand that less is more mentality here; but Obtainium doesn't just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.

[–] ultimate_worrier@lemmy.dbzer0.com 0 points 2 weeks ago (1 children)

There’s so many scary vibecoded apps being announced on here. Forgive us if we have stopped even looking into these.

Security seems to be an afterthought in almost every single one. I’d be shocked if I were wrong at this point. Advice to repo owner since they need the LLM to do anything: take a step back and have your LLM brutally criticize your work before the rest of us get PWNED by your malicious lack of critical thinking and due diligence.

[–] BarbecueCowboy@lemmy.dbzer0.com 0 points 2 weeks ago (1 children)

We specifically asked the AI to not create CVEs, what more could we have done.

[–] artyom@piefed.social 0 points 2 weeks ago

I just get instant ratelimits. I'll stick to Obtainium.