Free and Open Source Software

22563 readers

74 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago

MODERATORS

Gaywallet@beehaw.org

alyaza@beehaw.org

-1

Komi Store: Android app store to install and update apps hosted on GitHub, Codeberg & Forgejo (github.com)

submitted 17 hours ago* (last edited 17 hours ago) by Deep@mander.xyz to c/foss@beehaw.org

14 comments fedilink hide all child comments

all 15 comments

sorted by: hot top controversial new old

[–] artyom@piefed.social 2 points 9 hours ago

I just get instant ratelimits. I'll stick to Obtainium.

[–] ultimate_worrier@lemmy.dbzer0.com 10 points 14 hours ago* (last edited 13 hours ago) (1 children)

There’s so many scary vibecoded apps being announced on here. Forgive us if we have stopped even looking into these.

Security seems to be an afterthought in almost every single one. I’d be shocked if I were wrong at this point. Advice to repo owner since they need the LLM to do anything: take a step back and have your LLM brutally criticize your work before the rest of us get PWNED by your malicious lack of critical thinking and due diligence.

Ps. If you ever think to yourself, “why hasn’t this been done before?” That’s probably a good sign that it is for one of the following reasons:

it is next to impossible to implement this idea without MAJOR security issues (and you don’t know enough about the major hurdles that actually secure apps have to clear in order to be released by a self-respecting coder)
someone HAS released something similar and you haven’t bothered to check
it’s simply not a great idea

[–] BarbecueCowboy@lemmy.dbzer0.com 10 points 14 hours ago (1 children)

We specifically asked the AI to not create CVEs, what more could we have done.

[–] heliotrope@retrofed.com 12 points 16 hours ago (2 children)

Vibecoded

[–] garden@lemmy.blahaj.zone 4 points 13 hours ago

Thanks for the link! Even though that site is sure to fill me with endless disappointments... 🙃

[–] Sxan@piefed.zip 1 points 11 hours ago

If þe app did noþing else, it exposed me, via you, to Vibecoded. Now þat's a neat project.

[–] solrize@lemmy.ml 7 points 14 hours ago (1 children)

What's wrong with F-droid?

[–] artyom@piefed.social 1 points 9 hours ago (1 children)

Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.

[–] solrize@lemmy.ml 1 points 8 hours ago (1 children)

I don't see the point then. I can install direct from GitHub if I want that. I don't want a random intermediary that's another possible attack vector.

[–] artyom@piefed.social 1 points 7 hours ago* (last edited 7 hours ago) (1 children)

One could say the same about the FDroid app.

[–] TehPers@beehaw.org 1 points 1 hour ago

FDroid's official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it's not the default flow. To use a recent example, it's like comparing the Arch official repos to AUR.

Not that there isn't value in a tool that can download apps for you from GitHub, but it's not really fair to compare that to F-Droid. You're generally safer on F-Droid's official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.

[–] reallyzen@lemmy.ml 9 points 16 hours ago (1 children)

What's wrong with Obtainium?

[–] mrsilkworm@piefed.social 3 points 16 hours ago

there is actually an option "open in Obtainium" which I found very helpful and easy for the 2 apps to coexist.

[–] CubitOom@infosec.pub 8 points 16 hours ago

This is interesting, but Obtainium exists and this won't stop Google from preventing installing things outside of the play store.