Support us on Patreon
PayPalLatest Comments by LoudTechie
European Commission gathering feedback on the importance of open source
12 Jan 2026 at 10:47 pm UTC Likes: 2
I asked for cryptographic hashes, because it's better than nothing and can be used as a start to build a functioning system.
Cryptographic hashes can be freely published, since they're cryptographic hashes meaning that they're sufficiently resistant to collision, decompression and other attacks.
Many parties can't get access to the perceptual hashes normally used to enforce laws, yet still want to host lawabiding servers.
A list of cryptographic hashes could be used for the following:
- public accountability of what's being removed by government mandate(throw your sensitive publications in a hashing algorithm and find out if you're being censored)
- A self hosted file server/forum/other user content providing service, which can build perceptual hashes from the lazily posted illegal content it catches on its own server(only one criminal has to be too lazy to edit a file and all instances already on the server can be caught, repeat offenders can be used as data mines for more cryptographic and perceptual hashes, trust of law enforcement can be won by reporting).
These servers would never publish the perceptual hashes they generate, just provide back cryptographic hashes to the project that enables them to automate large part of their moderation, which can use this to enable more to catch and share.
Edit:
Also cryptographic hashes are accurate, which means they won't be dealing with too much false positives and can carefully expand their coverage avoiding many of the mistakes big tech made along the way.
Beside that European copyright exception are only slightly comparable to US copyright exceptions.
They might have the opportunity to fine tune on the way.
Law based moderation software packages tend to be expensive riddled with NDA's, big tech dependencies and absolutely critical for anyone trying to solve the EU's hosting power problem.
This could be a start to a more open, accountable and sovereign European internet.
12 Jan 2026 at 10:47 pm UTC Likes: 2
Quoting: PikoloI know this.Quoting: LoudTechieMy proposals were.Perceptual hashing [External Link], used for copyrighted content and CSAM detection is very different from cryptographic hashing. The goal is to catch images and videos that are "sufficiently similar". It's as vague as it sounds, and unless configured with a very low sensitivity is guaranteed to cause false positives. When configured with low sensitivity, it's possible to bypass. When you take into account the quantity of CSAM perceptual hashes out there, false positives happen regularly. So you can either block everything, or block random things. Far from a solved problem
Publish cryptographic hashes of restricted material, so small player can collaborate to implement filters for illegal information like CSAM and copyright protected material allowing them to more cheaply preform moderation responsibilities.
Using perceptual hashing for copyright enforcement is even worse, because the algorithm has no way to account for exceptions to copyright [External Link]. That should always be a human's judgement call, but with copyright trolls in the picture you get a lot of pressure towards false positives.
I asked for cryptographic hashes, because it's better than nothing and can be used as a start to build a functioning system.
Cryptographic hashes can be freely published, since they're cryptographic hashes meaning that they're sufficiently resistant to collision, decompression and other attacks.
Many parties can't get access to the perceptual hashes normally used to enforce laws, yet still want to host lawabiding servers.
A list of cryptographic hashes could be used for the following:
- public accountability of what's being removed by government mandate(throw your sensitive publications in a hashing algorithm and find out if you're being censored)
- A self hosted file server/forum/other user content providing service, which can build perceptual hashes from the lazily posted illegal content it catches on its own server(only one criminal has to be too lazy to edit a file and all instances already on the server can be caught, repeat offenders can be used as data mines for more cryptographic and perceptual hashes, trust of law enforcement can be won by reporting).
These servers would never publish the perceptual hashes they generate, just provide back cryptographic hashes to the project that enables them to automate large part of their moderation, which can use this to enable more to catch and share.
Edit:
Also cryptographic hashes are accurate, which means they won't be dealing with too much false positives and can carefully expand their coverage avoiding many of the mistakes big tech made along the way.
Beside that European copyright exception are only slightly comparable to US copyright exceptions.
They might have the opportunity to fine tune on the way.
Law based moderation software packages tend to be expensive riddled with NDA's, big tech dependencies and absolutely critical for anyone trying to solve the EU's hosting power problem.
This could be a start to a more open, accountable and sovereign European internet.
European Commission gathering feedback on the importance of open source
12 Jan 2026 at 10:41 pm UTC Likes: 1
They're fusing the national payment providers many countries have naming it Wero.
They're also trying to work with India to bypass swift. [External Link]
Edit:
I give them >90% chance for achieving Wero
Just 60% for a successful Swift competitor.
China couldn't do it, Russia couldn't do it.
The EU does have a pretty serious market, their current system works EU wide and if this deal succeeds they might gain the backing of another serious market.
Also Trump is destroying the US market.
Yet, Swift's market dominance is legendary enough to move the worst dictators to tears and to make the CCP tremble.
12 Jan 2026 at 10:41 pm UTC Likes: 1
Quoting: JarmerThis is actually making great strides.Quoting: tfkOpen source mobile phones,This all sounds amazing as an American. Especially the payment thing. Here we are so screwed with horrible options for sending money around in friend / family groups. Most people in my social circle still use venmo for everything which is just paypal, a horrifying company.
Open source desktops,
From there,
EU based payment systems for easy EU based online transactions,
EU based and open source security layers for said payment providers.
Educational programs to show people how to be the owner of their own system again, and how to do critical thinking again.
Ban on American cloud services like Google, Microsoft, Amazon. I mean firewall block. Boom!
Edit: gave my feedback.
Microsoft is so screwed in the corporate sector. I don't think they care though, right now Satya's brain has turned completely to mush with ai garbage so he can't even think properly. The entire corporate world over the next decade is going to dump office (or copilot 365 app LOLOL) and windows, so that's a TON of revenue lost. Again I don't think microsoft cares, but it'll be interesting to see what happens with windows.
They're fusing the national payment providers many countries have naming it Wero.
They're also trying to work with India to bypass swift. [External Link]
Edit:
I give them >90% chance for achieving Wero
Just 60% for a successful Swift competitor.
China couldn't do it, Russia couldn't do it.
The EU does have a pretty serious market, their current system works EU wide and if this deal succeeds they might gain the backing of another serious market.
Also Trump is destroying the US market.
Yet, Swift's market dominance is legendary enough to move the worst dictators to tears and to make the CCP tremble.
European Commission gathering feedback on the importance of open source
12 Jan 2026 at 3:22 pm UTC Likes: 2
12 Jan 2026 at 3:22 pm UTC Likes: 2
Quoting: syylkThe sooner the EU realizes that the US are not an ally anymore, the better.That sound like input that's best directed at the "strategic foresight report" call for evidence.
European Commission gathering feedback on the importance of open source
12 Jan 2026 at 2:02 pm UTC Likes: 3
12 Jan 2026 at 2:02 pm UTC Likes: 3
My proposals were.
Publish cryptographic hashes of restricted material, so small player can collaborate to implement filters for illegal information like CSAM and copyright protected material allowing them to more cheaply preform moderation responsibilities.
Back export controls up with sovereign hosting, iron clad NDA's and money.
Simplify copyleft enforcement.
Edit:
What would you guys propose?
Publish cryptographic hashes of restricted material, so small player can collaborate to implement filters for illegal information like CSAM and copyright protected material allowing them to more cheaply preform moderation responsibilities.
Back export controls up with sovereign hosting, iron clad NDA's and money.
Simplify copyleft enforcement.
Edit:
What would you guys propose?
European Commission gathering feedback on the importance of open source
12 Jan 2026 at 1:44 pm UTC Likes: 7
12 Jan 2026 at 1:44 pm UTC Likes: 7
Yeah, I was pretty enthusiastic when I read that call and send some proposals and praise their way.
Edit: Also you don't have to be an EU-citizen to support feedback.
They've a seperate category for that.
On the nitpicky side, the call for evidence is for how to steer european open source toward their objectives, not the importance.
Edit: Also you don't have to be an EU-citizen to support feedback.
They've a seperate category for that.
On the nitpicky side, the call for evidence is for how to steer european open source toward their objectives, not the importance.
Canonical call for testing their Steam gaming Snap for Arm Linux
10 Jan 2026 at 7:32 pm UTC
10 Jan 2026 at 7:32 pm UTC
Quoting: Purple Library GuySnap is for if you really, really want vendor support and/or if you're using Ubuntu.Quoting: LinuxerSteam snap works greatt including all the goodies inside fo gamer by default too but the flatpak of Steam is still a mess cos of access restrictions etc and cant be recommended just sayinMy distro packages Steam, so it's kind of a non-issue. IMO Flatpak is for things the distro isn't already packaging and for commercial things the distro can't package. And Snap is, um, for if you're using Ubuntu I guess.
Linaro reveal they're collaborating with Valve for the Steam Frame
10 Jan 2026 at 5:45 pm UTC Likes: 3
Documenting your experience in a forum post or something can really help others.
10 Jan 2026 at 5:45 pm UTC Likes: 3
Quoting: tfkI've ordered the FLX1s bundle. Let's see if this phone will set me free of Google's claws.Can we see too, when you do?
Documenting your experience in a forum post or something can really help others.
Canonical call for testing their Steam gaming Snap for Arm Linux
10 Jan 2026 at 4:38 pm UTC Likes: 6
10 Jan 2026 at 4:38 pm UTC Likes: 6
I think this is great news.
Canonical might unnecessarily cling to snap, but at least they're doing research in a known and reported problem.
Steam's compatibility with containerized package formats and repo policies.
Canonical might unnecessarily cling to snap, but at least they're doing research in a known and reported problem.
Steam's compatibility with containerized package formats and repo policies.
Steam Frame and Steam Machine will be another good boost for Flatpaks and desktop Linux overall too
10 Jan 2026 at 4:30 pm UTC Likes: 3
Snap takes the federalization of standard package managers away, meaning that it's only compatible with a single centrally managed repo, this makes it way too sensitive to squables, rifts and manpower problems.
10 Jan 2026 at 4:30 pm UTC Likes: 3
Quoting: dziadulewiczPackaging for Linux is important to be easy and efficient. Flatpak and Snap are both great for creating a universal package distribution.For Flatpak I agree, that's one of its use cases.
Snap takes the federalization of standard package managers away, meaning that it's only compatible with a single centrally managed repo, this makes it way too sensitive to squables, rifts and manpower problems.
Steam Frame and Steam Machine will be another good boost for Flatpaks and desktop Linux overall too
10 Jan 2026 at 3:19 pm UTC
Further on your second point. I'm not actually arguing that distro specific packages should disappear.
As I said before somewhere in this thread, they should as they were designed to apply to everything that requires root, such as drivers and other virus scanners. Things that don't, like games, applications and production software need a different system, than "distro approved". This isn't only, because it's less work, but also because "centrally approved" is a model ripe for abuse when Linux compatibility starts to matter to the market. Flatpak couldn't if it wanted, since as a containerized package format it can't run in ring0 and can thus not update things like the kernel itself.
On your third point. Truly, I thought that when you said that maintaining two package versions one with and without security flaw it was a counterpoint to the part you quoted, which stated that making a package distro independent was less work. This seems to be the same miscommunication as the past one. I was talking about how reduced developer effort had the potential of flowing over in better support. You were talking about how you disliked Flathub's policies.
In that sense the best argument in that direction is a rant of the developer of the default login of screen of if I remember correctly Gnome about how Debian's slowness in updating was keeping DOS(denial of service) patches at bay. Yet, I'm more inclined to agree with you than disagree in this sense. I use debian and avoid flathub(fedora's flatpak repo receives some leeway), because I agree with many of debians repo policies. I personally, also very much disagree with flathub's easy going attitude towards proprietary software.
I simply think the tech and movement show promise.
(Also on the argument I mentioned that dude was totally making a mountain about a mole hole. He was considering a technically advanced attacker who couldn't do a DMA attack, but still had physical access.)
On your final point. If you violate the law and don't handle it in time the government will take away your availability. The gdpr specifically is about ensuring confidentiality for the most personal data someone has. Availability and confidentiality are totally security. They're two thirds of the CIA triad.
Edit: Also my original point about manpower still stands, because there was nobody the project leader had to spring in. This takes away their time from other functions. One of the primary functions of any open source project leader is handling high profile responsible disclosure cases and negotiating about vendor support(vendor support is a functionality thing I admit, so you can from your definition of maintenance skip that one.
On the security comparison in this thread I actually mentioned another point. Against falthub's security policies..
Flathub fully relies on the security benefits of the containerization of flatpack to correct for all kinds of policy shortcomings.
Distro maintainers on the other hand rely on policy to avoid containerization.
For very needy programs like kernels, virus scanners and drivers containerization offers little benefit, since "the principle of least privilege" still means essentially full system access. As such containerization can't really do anything to help, while policy does help.
Yet for more limited programs like applications and games "the principle of least privilege" offers more protection. Flathub uses this to provide convenience instead of security, so if your favorite distro's, distro specific repos in their package manager and potentially a well curated flatpack repo with strict policies, such as the fedora repo. If you seek convenience flathub offers quite good value. It still by the offers bad value in the needy program category(see the local Steam complaints), but that's already well filled with distro specific packages.
In both cases Flatpak can offer value, but it needs to be used very differently.
10 Jan 2026 at 3:19 pm UTC
Quoting: EikeFirst my excuses. It was not my goal to change the topic. A. We have a definition difference. Maintenance is in my eyes less to not even about security. Maintenance is in my eyes the first place keeping something functional and compatible within your distro, B. In my logic every program can be critical for someone's workflow, since I and distros don't have the data to reliably determine that it's not. This is the explanation for my topic change. Not a counterpoint.Quoting: LoudTechieYou've silently changed topic here. We were talking about every package being maintained security-wise, not every program in the world being packaged. See what we've referenced:Quoting: EikeAs a Debian user myself I just happen to directly be in a position to point you to a package that they don't maintain in their repo and I myself use happily with an already existing deb version and is fully dpkg compliant AppimageLauncher.Quoting: LoudTechieIt creates a problem for you, because your distribution doesn't have enough manpower to maintain all packages.It does. It's Debian.
Quoting: LoudTechieEdit: On the different versions support: yeah probably, Debian, Red Hat and Canonical do that too. Backwards compatibility and usability sometimes require work. This time though each of these versions need only to be maintained once for all distros.Except for some special cases with two major versions (which both are security fixed) - nope, this doesn't happen. Version 2.17 and version 2.18 of whatever uses the same places for the files, so they cannot coexist.
Quoting: LoudTechieSo, yes, quite obviously, no distribution can package everything you might want. But this no argument against deb, rpm or whatever. The question at hand was if using deb is creating security issues due to missing manpower.Quoting: EikeIt creates a problem for you, because your distribution doesn't have enough manpower to maintain all packages.Quoting: Liam DaweI firmly disagree. That is chaos. Every distribution has a different set of packages and versions, with security problems having to go through each distro for each package.How does this create a problem for me? My distribution cares for it.
And doesn't Flatpak support different versions of the same package as the same time? So, you can have one without the security flaw - and at the same time one with the security flaw?
Quoting: LoudTechieAlso on versions. For every library I encounter in my development work apt offers like 8 different versions. For example gtk library: 2.0, 3 and 4 and the mosquitto library in several different implementations.First, and I already mentioned this, this is not a problem if several different major library versions are packaged as long as they are all security maintained.
Second, I can name you 20 libraries that do not have different versions in Debian that you can install next to each other for any that you give me that does. Try me.
Quoting: LoudTechieDebian also this year published a desperate request for help, because of a lasting 100% manpower shortage for the debian data protection team.This has nothing to do with security, it is about looking for GDPR issues.
Further on your second point. I'm not actually arguing that distro specific packages should disappear.
As I said before somewhere in this thread, they should as they were designed to apply to everything that requires root, such as drivers and other virus scanners. Things that don't, like games, applications and production software need a different system, than "distro approved". This isn't only, because it's less work, but also because "centrally approved" is a model ripe for abuse when Linux compatibility starts to matter to the market. Flatpak couldn't if it wanted, since as a containerized package format it can't run in ring0 and can thus not update things like the kernel itself.
On your third point. Truly, I thought that when you said that maintaining two package versions one with and without security flaw it was a counterpoint to the part you quoted, which stated that making a package distro independent was less work. This seems to be the same miscommunication as the past one. I was talking about how reduced developer effort had the potential of flowing over in better support. You were talking about how you disliked Flathub's policies.
In that sense the best argument in that direction is a rant of the developer of the default login of screen of if I remember correctly Gnome about how Debian's slowness in updating was keeping DOS(denial of service) patches at bay. Yet, I'm more inclined to agree with you than disagree in this sense. I use debian and avoid flathub(fedora's flatpak repo receives some leeway), because I agree with many of debians repo policies. I personally, also very much disagree with flathub's easy going attitude towards proprietary software.
I simply think the tech and movement show promise.
(Also on the argument I mentioned that dude was totally making a mountain about a mole hole. He was considering a technically advanced attacker who couldn't do a DMA attack, but still had physical access.)
On your final point. If you violate the law and don't handle it in time the government will take away your availability. The gdpr specifically is about ensuring confidentiality for the most personal data someone has. Availability and confidentiality are totally security. They're two thirds of the CIA triad.
Edit: Also my original point about manpower still stands, because there was nobody the project leader had to spring in. This takes away their time from other functions. One of the primary functions of any open source project leader is handling high profile responsible disclosure cases and negotiating about vendor support(vendor support is a functionality thing I admit, so you can from your definition of maintenance skip that one.
On the security comparison in this thread I actually mentioned another point. Against falthub's security policies..
Flathub fully relies on the security benefits of the containerization of flatpack to correct for all kinds of policy shortcomings.
Distro maintainers on the other hand rely on policy to avoid containerization.
For very needy programs like kernels, virus scanners and drivers containerization offers little benefit, since "the principle of least privilege" still means essentially full system access. As such containerization can't really do anything to help, while policy does help.
Yet for more limited programs like applications and games "the principle of least privilege" offers more protection. Flathub uses this to provide convenience instead of security, so if your favorite distro's, distro specific repos in their package manager and potentially a well curated flatpack repo with strict policies, such as the fedora repo. If you seek convenience flathub offers quite good value. It still by the offers bad value in the needy program category(see the local Steam complaints), but that's already well filled with distro specific packages.
In both cases Flatpak can offer value, but it needs to be used very differently.
- Legendary, the free and open source Epic Games Launcher, has moved to a new organisation
- Godot gets a funding boost from Slay the Spire 2 devs Mega Crit
- Bazzite Linux gets some major upgrades for the April 2026 Update
- Valve dev fixes up VRAM management on AMD GPUs to improve performance
- Proton Experimental brings fixes for classic Resident Evil 1 & 2, Dino Crisis 1 & 2 and more
- > See more over 30 days here
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck- To wait or not to wait
- GustyGhost - Proton/Wine Games Locking Up
- tuubi - The Great Android lockdown of 2026.
- LoudTechie - Introduce Yourself!
- LoudTechie - Shop Crush - Psychological Horror Thrift Sim with Literal Illusio…
- hollowlimb - See more posts