More

neobrain · 2026-05-06T20:43:59 1778100239

They are hiring specifically for that: https://old.reddit.com/r/ProtonDrive/comments/1spx14d/proton...

neobrain · 2026-04-27T12:26:55 1777292815

Most people don't realize that the Asahi team ship features only once they work without quirks. For the set of supported hardware features, Asahi is much closer to a macOS experience than to an average x86 Linux laptop experience.

Meanwhile, Linux on my Lenovo X13s "works" but has tons of quirks: Boot fails 2 out of 3 times, the device hard-resets sometimes when waking up with a display connected, and the speakers are unusable due to lack of active overheat protection (and somehow this affects even external speakers). It technically works, but it's incredibly frustrating to use in practice.

If you plan to use Linux and don't need an ARM laptop, there's little reason to prefer a Qualcomm device over an x86 one currently. On the other hand, M1/M2 easily outperform a broad class of x86 laptops, and they have a Linux experience that's for many use cases close to on par with official vendor support.

neobrain · 2026-04-27T07:59:09 1777276749

+1 for this approach. For a mobile app, I made Nix spawn an ephemeral Android emulator instance for generating up-to-date screenshots, requiring no prior setup and leaving no lingering data around after running. Setting it up wasn't that high-effort in my case either; coming up with the idea was the hard part, the Nix code was one-shot by your favorite LLM.

Granted manually updating the screenshots isn't the most laborious task in the world, but the "upload-apk + take-screenshot + transfer-back-to-PC + edit" process is usually barely annoying enough that you end up almost never doing it otherwise (similar to the OP's experience in the closing paragraph).

Landing7610 · 2026-04-28T17:36:05 1777397765

That sounds so cool! Is the repo available anywhere?

neobrain · 2026-05-03T17:05:24 1777827924

Nothing public yet, but this is the Nix output for taking the screenshot, to be executed via `nix run .#screenshot`:

        outputs.apps.x86_64.screenshot = {
          type = "app";
          program = toString (pkgs.writeShellScript "screenshot-script" ''
            set -euo pipefail

            EMU_SDK="${androidEmulatorComposition.androidsdk}/libexec/android-sdk"
            ADB="$EMU_SDK/platform-tools/adb"
            EMULATOR="$EMU_SDK/emulator/emulator"
            APK="${self.packages.${system}.debug}/myapp-debug.apk"

            SRC_DIR="$(${pkgs.git}/bin/git rev-parse --show-toplevel)"
            AVD_HOME="$(mktemp -d)"
            trap 'kill "$EMU_PID" 2>/dev/null; wait "$EMU_PID" 2>/dev/null; rm -rf "$AVD_HOME"' EXIT

            # Create AVD
            AVD_DIR="$AVD_HOME/screenshot.avd"
            mkdir -p "$AVD_DIR"
            cat > "$AVD_HOME/screenshot.ini" <<EOF
            avd.ini.encoding=UTF-8
            path=$AVD_DIR
            target=android-${platformVersion}
            EOF
            cat > "$AVD_DIR/config.ini" <<EOF
            AvdId=screenshot
            PlayStore.enabled=false
            abi.type=x86_64
            avd.ini.encoding=UTF-8
            hw.cpu.arch=x86_64
            hw.gpu.enabled=yes
            hw.gpu.mode=swiftshader_indirect
            hw.lcd.density=420
            hw.lcd.height=2400
            hw.lcd.width=1080
            hw.ramSize=2048
            image.sysdir.1=system-images/android-${platformVersion}/google_apis/x86_64/
            skin.dynamic=yes
            tag.display=Google APIs
            tag.id=google_apis
            disk.dataPartition.size=2G
            EOF

            echo "==> Starting emulator..."
            ANDROID_AVD_HOME="$AVD_HOME" ANDROID_HOME="$EMU_SDK" \
              "$EMULATOR" -avd screenshot -no-window -no-audio -no-boot-anim \
              -gpu swiftshader_indirect -no-snapshot 2>&1 &
            EMU_PID=$!

            echo "==> Waiting for boot..."
            for i in $(seq 1 90); do
              BOOT=$("$ADB" shell getprop sys.boot_completed 2>/dev/null | tr -d '\r') || true
              if [ "$BOOT" = "1" ]; then
                echo "    Booted after ~$((i * 2))s"
                break
              fi
              sleep 2
            done
            if [ "$BOOT" != "1" ]; then
              echo "ERROR: Emulator failed to boot" >&2
              exit 1
            fi

            # Enable dark mode
            "$ADB" shell cmd uimode night yes

            # Install and launch
            echo "==> Installing APK..."
            "$ADB" install -r "$APK"
            "$ADB" shell pm grant com.me.myapp android.permission.WRITE_SECURE_SETTINGS
            "$ADB" shell am start -n com.me.myapp/.MainActivity
            sleep 3

            # Navigate to settings screen by tapping "Notification Filters" button
            # This uses uiautomator to find the button by text for robustness
            "$ADB" shell uiautomator dump /sdcard/ui.xml
            BOUNDS=$("$ADB" shell cat /sdcard/ui.xml \
              | ${pkgs.gnugrep}/bin/grep -oP 'text="Notification Filters"[^>]*bounds="\K[^"]+' \
              || true)
            if [ -z "$BOUNDS" ]; then
              echo "ERROR: Could not find Notification Filters button" >&2
              exit 1
            fi
            # Parse bounds "[x1,y1][x2,y2]" to compute center tap coordinates
            X1=$(echo "$BOUNDS" | ${pkgs.gnused}/bin/sed 's/\[\([0-9]*\),\([0-9]*\)\]\[\([0-9]*\),\([0-9]*\)\]/\1/')
            Y1=$(echo "$BOUNDS" | ${pkgs.gnused}/bin/sed 's/\[\([0-9]*\),\([0-9]*\)\]\[\([0-9]*\),\([0-9]*\)\]/\2/')
            X2=$(echo "$BOUNDS" | ${pkgs.gnused}/bin/sed 's/\[\([0-9]*\),\([0-9]*\)\]\[\([0-9]*\),\([0-9]*\)\]/\3/')
            Y2=$(echo "$BOUNDS" | ${pkgs.gnused}/bin/sed 's/\[\([0-9]*\),\([0-9]*\)\]\[\([0-9]*\),\([0-9]*\)\]/\4/')
            TAP_X=$(( (X1 + X2) / 2 ))
            TAP_Y=$(( (Y1 + Y2) / 2 ))
            "$ADB" shell input tap "$TAP_X" "$TAP_Y"
            sleep 2

            # Capture and process screenshot
            echo "==> Capturing screenshot..."
            "$ADB" shell screencap -p /sdcard/screenshot.png
            "$ADB" pull /sdcard/screenshot.png "$AVD_HOME/raw.png"

            # Crop to content: remove status bar (top 128px) and empty space below
            # Per-App Overrides, then resize with high-quality Lanczos filter
            ${pkgs.imagemagick}/bin/magick "$AVD_HOME/raw.png" \
              -crop 1080x1100+0+128 +repage \
              -filter Lanczos -resize 540x \
              "$SRC_DIR/fastlane/metadata/android/en-US/images/phoneScreenshots/settings.png"

            echo "==> Screenshot saved to fastlane/metadata/android/en-US/images/phoneScreenshots/settings.png"
          '');
        };

neobrain · 2026-04-24T11:17:43 1777029463

Quite the contrary, actually: not using a browser extension makes you much more susceptible to phishing attacks, since your password manager won't be able to protect you from copy-pasting credentials into an imposter website.

akimbostrawman · 2026-04-27T09:50:49 1777283449

You don't need any of that to protect against phishing. Simply bookmark the website once and only use the bookmark to go to the site.

Browser password extension are just percieved convinence over security.

neobrain · 2026-04-23T10:36:32 1776940592

Just injecting this here: What I've been missing is an equivalent for GitHub's "blame prior revision" feature to quickly follow through the history of individual source lines.

https://github.com/zed-industries/zed/discussions/42583

Thanks for building an awesome product :)

neobrain · 2026-04-22T12:22:51 1776860571

tl;dr for opt-out as per https://cli.github.com/telemetry#how-to-opt-out (any of these work individually):

export GH_TELEMETRY=false

export DO_NOT_TRACK=true

gh config set telemetry disabled (starting from version 2.91.0, which this announcement refers to)

fenaer · 2026-04-22T12:29:51 1776860991

$ gh --version

gh version 2.90.0 (2026-04-16) https://github.com/cli/cli/releases/tag/v2.90.0

$ gh config set telemetry disabled

! warning: 'telemetry' is not a known configuration key

rethab · 2026-04-22T12:37:04 1776861424

v2.91.0 is the one that's going to introduce it: https://github.com/cli/cli/releases/tag/v2.91.0

Also note that even though you get a warning about an unknown config key, the value is actually set so you're future-proof. Check `grep telemetry ~/.config/gh/config.yml`

NeckBeardPrince · 2026-04-22T12:46:24 1776861984

> gh config set telemetry false > ! warning: 'telemetry' is not a known configuration key

What's strange is if you check your `~/.config/gh/config.yml` it will put `telemetry: disabled` in there. But it will put anything in that `config.yml` lol.

> gh config set this-is-some-random-bullshit aww-shucks > ! warning: 'this-is-some-random-bullshit' is not a known configuration key

But in my config.yml is

this-is-some-random-bullshit: aww-shucks

nottorp · 2026-04-22T12:56:46 1776862606

... don't forget to recheck this info every update, restore flags that have been "accidentally" reset and set any new flags that they added for "different" telemetry

neobrain · 2026-04-09T20:12:07 1775765527

The article is specifically not referring to information that's sent to Apple servers - it's about information on the phone only, accessible through forensics tools with physical device access.

Signal's server-side push notifications only contain a "wakeup" message. The actual message popup is displayed after decrypting the message contents locally on the device. Of the things you mentioned, only the time of notification is visible to Apple/Google.

traderj0e · 2026-04-09T22:41:09 1775774469

Fun fact, apps can't wake from APNS if the user killed the app (swipe up) last time instead of switching away normally. Apple publicly said something contrary to this at one point, so it might be surprising that Signal can work this way. The notification itself will still come through outside the app, so I wonder what you see, probably some placeholder text?

intuxikated · 2026-04-10T06:00:33 1775800833

Yes there's a placeholder in that scenario Something like 'new message available' if I remember correctly (I'm no longer on iPhone, so can't verify)

neobrain · 2026-04-03T10:31:34 1775212294

> If some provider like Proton states they are pricacy-focused and protect your data from governments, but can still offer loads of your private data when ordered to, that damages their privacy claim.

"Loads" of private data? When has this allegedly happened or how would it technically even be possible?

streetfighter64 · 2026-04-03T10:57:29 1775213849

Well, Proton themselves say they will provide information about who has contacted a randsomware attacker to law enforcement. https://proton.me/legal/law-enforcement

So that probably has happened. Whether they've even provided other private data I don't know, but

> how would it technically even be possible

Well, it's not possible if you trust their claims about E2EE, but that is just a claim. How's that any different from a non-encrypted email provider saying they won't provide your emails to others? It all comes down to trust in the end.

0x3f · 2026-04-03T10:59:58 1775213998

They don't claim email is E2EE. Of course they need to know email metadata to route messages. That's unavoidable if you are using email. It's not encapsulated like that.

streetfighter64 · 2026-04-03T11:00:55 1775214055

Yes they do (the storage of your emails on their servers, that is). See this comment for a summary of their claims and reality https://hackertimes.com/item?id=47625229

Edit: A reply to your misunderstanding and accusation below:

What do you mean? By "provide your emails to others" I obviously mean the email *contents*, not the email *address*. (Which I also clarified with "the storage of your emails on their servers"). You know, the very thing that is almost the whole selling point of Proton: that they keep the contents of your emails encrypted so "only you" can access them.

> Proton Mail protects the contents of all your messages with zero-access encryption, meaning no one can read them except you and your recipients. Messages you send to other Proton Mail accounts are always end-to-end encrypted, as are emails sent to non-Proton Mail accounts when you use Password-protected Emails.

https://proton.me/security/end-to-end-encryption

Also, what in the SMTP protocol requires Proton to *store* that metadata? Could they not simply delete it after using it (or, crazy idea, encrypt it in the same way the message contents are encrypted in storage), so they would be unable to respond to law enforcement requests the next week, say? They did also previously claim that they didn't log user's IP addresses. Why would they claim something like that, if it's "obvious to anyone who knows" that it's a false claim? Marketing aimed towards their not so technically savvy userbase?

https://www.theregister.com/2021/09/07/protonmail_hands_user...

Let me also remind you that I was replying to a question about "how would it technically even be possible" to "offer loads of your private data when ordered". My reply was, it's easily possible for them to offer your metadata, and you still need to trust their claims about heir implementation of E2EE to believe they won't offer your message contents.

You're very quick to accuse people of spreading misinformation. Let me hit back with an accusation of my own, which is that Proton's PR team have a habit of regularly trying to discredit any critique as "misinformation". Perhaps you've just read too many of their rebuttals?

0x3f · 2026-04-03T11:06:43 1775214403

They simply don't. Please stop spreading misinformation.

https://proton.me/mail/privacy-policy

> Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times.

This would be obvious to anyone knows how email works. It would be very silly for them to claim otherwise.

neobrain · 2026-03-25T12:43:18 1774442598

If you create an account, it may be worth looking into "starter packs", which are lists of accounts around specific topics to follow. That's an easy solution if you run into the "I don't know who to follow and there's no algorithm that'll tell me" problem.

neobrain · 2026-03-23T08:06:33 1774253193

> I want a computer where I can basically install every non stock app in its own little world, where it thinks "huh, that is interesting, I seem to be the only app installed on this system".

NixOS containers are the most convenient way to do this, but those will map the entire global nix store into your container. So while only one app would be in your PATH, all other programs are still accessible in principle. From a threat-modelling perspective, this isn't usually a deal-breaker though.

There's also dockerTools, which lets you build bespoke docker/podman images from a set of nix packages. Those will have a fully self-contained and minimal set of files, at the expense of copying those files into the container image instead of just mapping them as a volume.