> I would, however, trust a default MacOS/iOS/Windows system over a default Linux system. The Linux community has a track record of being hostile to the security community - for their own good reasons. Whereas Apple and Microsoft pay teams to secure their OS by default.
I think we can have the best of both worlds here: OS distributions that are being maintained by paid teams of security experts, and that can be audited by anybody.
What are the major ones? Android, Chromium OS, RedHat (Fedora, CentOS), and SUSE.
> "Compromised" meaning that malware hasn't been installed or that it's not being accessed by malicious third parties. This could be at the BIOS, firmware, OS, app or any other level.
I don't believe there is a way to be 100% certain, but if I had to go to a store and pick a new device with the lowest likelihood of being compromised, it would be a desktop, a laptop, or a tablet running ChromeOS[1].
> Are there other ways to accomplish being so comfortable with, "eh, gonna be unemployed another 4-6 months and see what happens"?
It's not that hard to accomplish for those who can be(come) location independent. For instance[1]:
> You would need around 2,582.16$ in Budapest to maintain the same standard of life that you can have with 8,700.00$ in San Francisco, CA (assuming you rent in both cities).
Budapest is a very weird place unless you live in an expat bubble in the 5th district downtown or in a villa in the 2nd. The city is basically a parody of itself, for example they didn't have money to keep up the mental hospital so they just released everyone on the street. Even a good few years after the fact, the city is still full of visibly mentally ill people, who act completely random. You never know when you'll get spat on or some abuse shouted at you just for existing. One time a guy walked up to me and put arms up like a boxer and tried to fight me. It's very unsafe too. We interviewed a dev in a downtown café in broad daylight in a crowded place and he was robbed at knifepoint just outside the café.
I agree with most of your points, even though I never felt unsafe in Budapest during the 3 months I spent there, including many many long walks after midnight.
I picked Budapest as an example because it's a well known international destination with very high level of walkability, great public transportation, and affordable prices.
Prague and Krakow are two other similar options in Central Europe, only much less "weird" (and, as a result, a little more "boring").
There are also plenty of pleasant and affordable cities in Southern Europe, such as Valencia and Porto.
I picked Budapest for comparison, because as a European I don't know many large, safe, and affordable US cities that wouldn't require owning a car for comfortable living.
My conclusion about the Estonian E-Residency program is that it is essentially useless, unless you want to become an Estonian tax resident by physically relocating to Estonia.
And there is a good reason why you would like to do that[1]:
> For the ninth year in a row, Estonia has the best tax code in the OECD.
For instance, if you live in Estonia, you can use an Estonian limited liability company to manage all your investments without paying any taxes at all, as long as you don't withdraw any money from it.
Why not get Dubai Golden Visa for 5-10 years instead, get 0% taxes and the ability to live wherever you want (Dubai doesn't enforce residency duration limits to Golden Visa holders)?
It might be a good choice for a digital nomad with a short-term horizon, but if you want to stay somewhere else for more than 183 days per year, you will be considered a tax resident in that country, making your Dubai Golden Visa worthless.
My entire point was, that the Estonian E-Residency is only worth it, if you are willing to relocate to Estonia. If you want to spend more than 183 days per year in some other country, then the Estonian E-Residency is not the right choice.
This website is hilarious! Thanks for sharing! I thought the place where I live is expensive, used the website to compare with Tallinn and found place where I live is actually cheaper in most areas :)
If you are not a Software Developer then it's pretty much impossible to buy a home. Prices are cheaper outside of the city but then you will be dealing with long commute times or would have to work from home.
Many countries in Europe, including Estonia, are in the small peak of real estate bubble. Inflation is very high and people have been hurrying to invest money they have. Real estate is obvious choice for many.
Estonia can be considered a Nordic country. Many people from Finland have moved to Tallinn for lower taxes and lower prices, because it's just two hours by ferry away from Helsinki.
Current income, inflation and taxation levels in the EU can be considered immoral as well. Moreover, Estonia has issues with human rights (unless you assume Russian-speaking people are subhumans).
> unless you assume Russian-speaking people are subhumans
what ?
> Current income, inflation and taxation levels in the EU can be considered immoral as well
There is no free lunch, that's how we get infrastructure, healthcare, social benefits, &c.
If you think Estonia is as fucked up as the UAE we can stop discussing now, you're either completely delusional or acting in bad faith, feel free to go live there, if all you care about is money I'm sure it feels like Heaven
Read about how 1/3 to 1/2 of population is treated in Baltic countries, then get back to preaching about how moral/democratic they are. How can people born there living there for decades end up without a citizenship? Dubai improved a lot in recent years but the stench of being built on slave labor will be there. So was UK/France/Belgium/Spain/Portugal. Show me a single moral country, I'll move there in an instant.
1/3 to 1/2 is a tremendous exaggeration. In Latvia it is ~11%, in Estonia, close to 5%, and in Lithuania, next to non existent.
The predominantly ethnic Russians who were living in the SSR of Latvia or Estonia, but were not Latvian citizens before 1940, and who have not learned the language and acquired citizenship after '91 have rights, but cannot vote or hold some political offices. Same with any other foreigner. They can learn the national language and apply for citizenship. Choosing not to doesn't mean they are treated poorly or unfairly.
The classic "every country did at least one bad thing sometimes in the past so stoning homosexuals to death in 2022 isn't that bad", Alright :|
If you absolutely love money and have no morals at least say it, even Soros did it: "I am basically there to make money. I cannot and do not look at the social consequences of what I do."
I don't understand what you mean by "ability to live wherever you want". Taxes are pretty much always based on residency, it doesn't matter whether you hold a Dubai Golden visa if you live outside of Dubai.
For some reason software engineers often think they can work remotely and live wherever they want. I lived in Japan for a long time and English-speaking forums about Japan are full of people asking how to move to Japan and keep a US job, or matter-of-factly stating "I have a spouse visa and get paid to my US account so I don't have to pay taxes in Japan" which is of course completely wrong.
From a US point of view maybe but it’s complicated in Japan. For starters you are not allowed to work remotely on a tourist visa waiver and work done remotely in Japan is not “foreign sourced income”, at least not for a normal situation. There are conditions which may trigger tax residency, and finally regardless of your status, work done in Japan can cause liabilities for the US company.
Also the posts I mentioned are almost universally “I assume or have assumed that I can just buy a house and work remotely from Japan”, but there are a few that are looking for loopholes to be a digital nomad.
You are most likely correct - those who want to own a property/live there forever are out of luck and likely bend local laws. It's always best to talk to your tax advisor wrt these issues to avoid any troubles later (I did to mine before I traveled around the world working remotely).
If you make sure you aren't living in a single country for over 180 days, you can still utilize Dubai taxation. For example, you spend 179 days in your home country in the spring/summer, then travel a bit for a few months, then park in Dubai for winter. With regular Dubai visa, you'd need to spend 8 months there. Dubai's CoL is comparable to Germany. If you earn $200+k/year remotely, you can buy a house in your home country in a few years and move back. 0% tax means you get $200k, with monthly living expenses around $2000 including health insurance and rent, keeping $176k (adjust when married with kids etc.).
Maybe if you are in a country with super low taxes for IT folks like Romania, Poland, Croatia etc. But that won't work in Germany, Benelux, France, Spain, Italy, Scandinavia where taxes can be 40-60% at that income level.
What I meant is that a Dubai visa is not necessary to execute this scheme. In general, if you spend less than 180 days in a country, you are not taxed in that country (regardless of whether you have a Dubai visa or not). Country of citizenship is mostly irrelevant for tax purposes, unless you are American. There's not usually a law that requires citizens to be paying taxes somewhere (else, I could see how the Dubai Golden visa could help).
I think you'd need at least one country to give you a taxation statement for a given year or you risk your home country will extract those taxes from you later. I can ask my tax person about it.
I get you don't really understand well how these things work. I suggest you don't give advice in this area. Some people will find themselves in trouble because of it.
IIRC, most countries with income tax tax by where income is earned (that is, where the work is done) by default, not residency, though many have tax treaties with each other that assign income earned by residents of a foreign country in the other treaty partner back to the country of residence.
Tax domicile laws are often in effect only after 180-something days in most developed countries. For example, imagine you are moving after 270 days from e.g. Croatia with 12% tax rate to Germany with 42% tax rate. The 90 days you are making money in Germany can be still taxed in Croatia.
So not paying taxes like everybody else which pay for public services you use is morally defensible as long as you don't pay those taxes to a democratic nation as opposed to a dictatorship?
This, I have to imagine, would come down to soft power. To my knowledge, it’s /very/ rarely free to move wealth across borders. So if a country were to strongly incentivize investment a certain way all of a sudden, it would be ideal if the political leanings were aligned with yours. Perhaps that might mean investing/holding your wealth in a country where there are likely to be further breaks for renewables. Who knows.
This isn’t a super thought-through response. Would be curious to see if people have ideas to add.
Instead of avoiding taxes and coming up with silly hacks - one should pay his fair share in his own country and try to build community and wealth around himself and his close ones.
Energy/wealth spent to avoid taxes in way where you move from country to country or do some weird stuff could be spent probably on building a small business or two.
I agree there are bad places to live and people have to run away from these or move because they don't earn enough in their place so they move out for more opportunity, but if it goes down to "I just want to keep more money for myself" is just not right and not moral at all.
Imagine being a 20-year old in Germany and Netherlands and finding the cheapest house you can own goes for 500k. Your salary peaks at 80k after 10 years of work, half of it goes to taxes and 1/3 of that is lost on rent you are forced to pay. Your only option is a 30+ year mortgage that will send you to a rat race with no options to leave, especially when you get married. Or you spend 5 years in Dubai, working remotely for 100k+, return back home and buy a property. Then you work only as much as you need. What would be your choice?
Sure, but what you are describing is not the same as becoming a tax resident of a country solely for tax gains, I think that is morally wrong. I do believe in open borders and flows of labor, if a specific part of the world raises wages to attract skilled labour, I think that's great, more choice for us all! I personally would still want to live in the Netherlands earning a third of the disposable income compared to Dubai for various reasons, including moral as well as standard-of-living reasons, but I completely understand somebody else might make a different choice.
AFAIK all Baltic states have a minority with limited rights, so they are far from true democracy. It's irrelevant what they think of that minority/what is their history with that minority, they simply can't claim to be fully democratic.
I don't hail from Estonia, but if you disqualify it as a democracy... pretty much all other European nations and the USA will have to be disqualified too and for the same reasons.
Its quality of life index is way higher than the USA as well, though that doesn't really say anything about its democracy.
Athens didn't have universal suffrage, and they invented democracy (and were in many ways far more democratic than anything we have today). They had some pretty radical measures for mixing up who actually got to hold office, such as sortition, and misbehaving officials risked ostracism by public vote.
I think this is something that is severely overlooked in contemporary democracy. It's a very small clique indeed that stands any realistic chance of holding office in most western democracies. Ultimately doesn't really matter who gets to vote if the candidates are all the same.
A quick question - how can a person born in a Baltic state and living there their whole life end up without citizenship? How is that democratic? Don't you see any problem there? That doesn't happen even between Romanians and Hungarians that are often at each other's throat for similar historical reasons.
> A quick question - how can a person born in a Baltic state and living there their whole life end up without citizenship?
The people in question are ethnic Russians who CHOOSE to not get a citizenship. They choose this, because people in Baltics without citizenship have the right to travel both within the EU and in Russia without a visa. Just to make it extra clear, let me draw you a table of a citizenship matrix in Estonia:
Estonian citizen - can travel within EU, needs visa for Russia
Russian citizen - needs visa for EU, can travel within Russia
No citizenship - can travel within EU, can travel within Russia
They can convert themselves to a Russian citizen at any time. They don't do it, because they don't want to actually live in Russia. They just want to be able to go there regularly for family and friends.
In the 1990s Estonian citizenship was given to any resident who asked for it, zero requirements. The people who remain stateless today rejected the proposal. Nowadays it's more difficult to get Estonian citizenship, but still within reach for plenty of these people. They just don't want to do it, again, because they have friends and family in Russia - and Estonian citizens can't freely travel to Russia.
They can still vote for local elections and work. So there isn't really a strong incentive to care.
The best incentive for getting an actual citizenship is for those who want to travel beyond EU & Russia, because the global world doesn't give these stateless people special rights.
> A quick question - how can a person born in a Baltic state and living there their whole life end up without citizenship?
It should only be possible, if that person was born in Soviet Union (that is, before 1990), and doesn't speak the official language of the country he / she is living in.
I understand you are used to it, but it's really bad optics from the outside. How can there be people in their 30s without a citizenship? Estonian is a Finno-Ugric language which means it's extremely difficult to learn due to a completely alien structure of the language (compared to almost all European languages). Even Finland allows both Finnish and Swedish as official languages and doesn't discriminate Finnish Swedes that they don't speak Finnish. So you have some sort of "Eastern-European" flavor of democracy that allows a portion of population be marginalized based on their language.
> How can there be people in their 30s without a citizenship?
Because they've chosen not to pursue citizenship. There's a simplified path that anyone in this situation can utilize. I don't see how giving them the choice and allowing them to live and work in the country indefinitely even if they choose no is in any way "un-democratic".
And if you're suggesting that 30 years is not enough time to learn the absolute basics of a language, that is just utterly ridiculous. Not nearly as ridiculous as comparing this to the slave labor that built Dubai though.
Look, Baltic states have my sympathy for what you managed to achieve in 30 years. I understand you needed a few years to establish yourselves as independent nations, assert/reclaim your national character and show it to your big bad neighbor. However, 10-15 years would be sufficient for that. Having that same problem for 30 years is just bad and you can try to explain it away as much as you want.
> Having that same problem for 30 years is just bad and you can try to explain it away as much as you want.
I think as an outsider you are completely missing the point: if Estonians ever wanted to give the Estonian citizenship to the residents who are unwilling to learn the official language of the country, they would have already done that.
Because by giving somebody a citizenship, you give them the right to vote. And who would the Russian speakers vote for, if they don't speak any Estonian? Pro-Russian parties and politicians.
So your solution is to basically have them as "untouchable caste" that is supposed to pay taxes but can't vote, despite being born there and living there all their lives. Ideally if they just disappeared. And you don't see any issue with that. You are basically confirming all my arguments so far.
> I understand you are used to it, but it's really bad optics from the outside. How can there be people in their 30s without a citizenship?
Technically, Estonia is not the successor state of the USSR, Russia is. If a person was born in the USSR, and only speaks the official language of the successor state of the USSR, then that person should probably be a Russian citizen, not Estonian.
"Technically, Slovakia is not the successor state of Czechoslovakia, Czechia is. If a person was born in Czechoslovakia, and only speaks the official language of the successor state of Czechoslovakia, then that person should probably be a Czech citizen, not Slovak."
> Most varieties of Czech and Slovak are mutually intelligible, forming a dialect continuum (spanning the intermediate Moravian dialects) rather than being two clearly distinct languages.
> AFAIK all Baltic states have a minority with limited rights, so they are far from true democracy.
Limited rights in the sense of not being able to vote for the parliament, sure. However that isn't unusual at all. In fact, I don't know of any counter example. Do you have an example of a country where non-citizens can vote for the highest form of government?
As for local elections, in Estonia both Russian citizens and ethnic Russians without any citizenship are allowed to vote. That is extremely democratic.
Fees were like $3k last time I checked, likely higher when using some external agency. Still peanuts compared to savings from 0% taxes (assuming high income in EU).
> For instance, if you live in Estonia, you can use an Estonian limited liability company to manage all your investments without paying any taxes at all, as long as you don't withdraw any money from it.
When you realize that WhatsApp had 450 million monthly active users and only 55 employees at the time of its acquisition by Facebook in 2014, you start to think that those tens of thousands of employees might be more needed for Meta's ad business.
It's not just that they wrote some very optimized code -- though it's true they did. They also designed the app in a way that requires very little server infrastructure compared to other chat apps, especially in the pre-acquisition days.
For example, they didn't store contacts/images/messages server-side as you see in Telegram, Google ChatAppOfTheWeek, FB messenger, Twitter, IG, etc. All the infrastructure and the folks required to develop and maintain it, simply didn't exist. Similar with the limited amount of data collection they did at the time -- if you don't log it there is no reason to have a team of people to analyze it. If you don't have ads you don't need an ad sales team. Etc.
Why couldn't the entire system be E2E encrypted by default, though? In 2022, that's my standard expectation from any service. Even such things as Pocket / Instapaper / Raindrop should come with E2E encryption by default. It's better for the service provider, too: no issues with GDPR, or in case of a database hack.
Genuine question - have you ever implemented an E2E encrypted system?
Because it's not particularly easy to do, and there are a lot of caveats and drawbacks.
Let me rephrase your assumption: "Why couldn't you just mail me the letter in a 100lb safe. In 2022, that's my standard expectation from any service".
So - are you willing to pay to ship 100lbs for every letter you send? Are you meticulously managing the details of how to handle locking and unlocking that safe? Are you working out the details on recovery and storage, handling lost devices, configuring a communication channel for sharing certs/keys, managing several crypto dependencies and libraries - all so that you can go "Hey - what's up!" in a notification to your phone?
Or should you just stop whining - accept that this is free - and take the author's advice and host it yourself?
I run an E2E system using public and private keys. It's really not that complex.
Sure, it's not free, but the implementation effort was 1/100 of the UI work.
Clients encrypt data in the browser, share id of the data and key (+ optional password). Some other clients receive id of the data and the key and read it.
For a notification service, you would just need a setup step to generate a key and store it in the browser + on the phone.
That said, I'm not sure I understand why someone would need to notify their own phone.
> Are you working out the details on recovery and storage, handling lost devices, configuring a communication channel for sharing certs/keys, managing several crypto dependencies and libraries - all so that you can go "Hey - what's up!" in a notification to your phone?
In 2022, there is no need to invent anything new about E2E encryption. There are many successful open-source examples, including Keybase and Firefox Sync.
There is no question that it adds development overhead, but I personally wouldn't even run a public service for others without E2E encryption.
> Or should you just stop whining - accept that this is free - and take the authors advice and host it yourself?
I am not attacking the author, nor do I currently care about this particular service he is providing.
This is Hacker News, a discussion platform, and I am raising a question about software development in general.
> This is Hacker News, a discussion platform, and I am raising a question about software development in general.
No - no you aren't. You're complaining about a feature in a product you've admitted you won't use.
Which... is fine. At the end of the day - the feedback might be helpful or it might not, part of the journey of publishing software (or making anything, really) is figuring out what advice to listen to, and what to ignore.
But personally - I don't really find your point sensible. You have no use-case, you have no threat model, you have a very unclear understanding of what E2E encryption entails, in my opinion - since you point to apps whose entire marketing shtick is that they have E2E encryption and say "if they are doing it, it must be easy" - Ignoring that they are literally using the difficulty of doing it as the distinguishing factor for their product.
But hey - I worked for a security company that did E2E encryption for Fortune 100 companies, mostly banks, for 5 years (and eventually went out of business... as an aside) so what do I know...
> But personally - I don't really find your point sensible. You have no use-case, you have no threat model [...]
My point is very clear and simple: all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
> [...] say "if they are doing it, it must be easy" - Ignoring that they are literally using the difficulty of doing it as the distinguishing factor for their product.
I am not claiming that it's easy, but there have been plenty of open-source projects launched with E2E encryption by default in the past few years.
> all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
Why? Why do you think this. What value do you imagine this is bringing you beyond simple TLS?
Because to me, this is like saying "All conversations should be whispered by default, unless there is a good reason not to." except that's obviously not reasonable, because there are many reasons not to whisper all the time. In the same way that there are many reasons wrapping all your communication into a black box is a bad idea (discoverability and search being the most obvious two, although data loss is right on up there).
> My point is very clear and simple: all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
Are you counting HTTPS as “E2E encrypted”? Because if not, consider that we do private communication over mere HTTPS all day long. Me loading the HN web page and having my own personal rendering of it with my user cookie header and all my upvote/downvote/karma/profile state is private communication, for example.
> Because if not, consider that we do private communication over mere HTTPS all day long. Me loading the HN web page and having my own personal rendering of it with my user cookie header and all my upvote/downvote/karma/profile state is private communication, for example.
Because there is a good reason for it: it wouldn't work well with E2E encryption.
Well, ok, I guess we can use that as a justification for anything then. For example, the “good reason not to” use E2E for ntfy could be “market analysis says the small and somewhat theoretical benefit isn’t worth the complexity.”
Yes, but you said all private communication should be E2E. Apparently you're defining communication in some way that excludes an awful lot of what I'd consider communication (e.g. HTTPS traffic).
My key point was "unless there is a good reason not to". And in many cases there is a good reason not to use E2E encryption, like the example you have given. But in the case of Ntfy, E2E encryption would be a perfect fit, and eliminate any need for self-hosting.
I'll be blunt - as someone who worked in the space extensively... if you really need e2e encryption, you want to be self hosting anyways.
By the time you're trusting a hosting provider to properly do e2e for you... you've basically already lost the game. At any point they can update what's running and remove any/all protections you think you have.
So again - what is your threat model here? Because it sounds like you want "super convenient" and also "super secure" and those aren't two options you just check off - they're really more like diametrically opposed sides of the same slider.
You solve that by forwarding/decrypting/adding noise between servers, enough to cover metadata traffic you generate. The only data you reveal is that anyone listening knows you might have used it at some point. See https://vuvuzela.io/ I suspect it is named so because it uses a lot of bandwidth.
Encryption and convenience usually don't go well together. ntfy was mainly built for simplicity. That said, I have designed and started working on E2E here: https://github.com/binwiederhier/ntfy/issues/69
The pitch is that you can go `curl -d "My message" ntfy.sh/my_topic` and it just works. That's impossible if you want E2EE.
Fortunately, it's open-source, so if you really want, you can fork the app to add a decryption layer and then use `curl -d "$(echo "My Message" | openssl enc -aes-256-cbc -pbkdf2 -e -a -A -k "My Password")" ntfy.sh/my_topic` and that'll be E2E encrypted.
Or, you know, host your own ntfy server and trust in SSL.
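The password-based approach from the comment above, worked through as an added example (not ntfy's design and not the commenter's code): `openssl enc` has no integrity check, so this version adds an HMAC and base64-armours the ciphertext so it survives `curl -d`. The function names, the dot-separated token format and the iteration count are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: client-side sealed payload for a relay such as ntfy.sh.
# Token (constructed format): salt_enc.salt_mac.base64(ciphertext).hmac
# Runs offline; the relay would only ever see the token.

E2E_ITER=100000   # PBKDF2 iterations (assumption; tune to your hardware)

# e2e_derive PASSWORD SALT_HEX FIELD -> PBKDF2 output as hex (FIELD: key | iv).
# The password is passed through the environment, not the command line.
e2e_derive() {
    E2E_PW="$1" openssl enc -aes-256-cbc -pbkdf2 -iter "$E2E_ITER" \
        -S "$2" -pass env:E2E_PW -P | sed -n "s/^$3 *=//p"
}

# e2e_mac MAC_KEY_HEX DATA -> hex HMAC-SHA256 over DATA
e2e_mac() {
    printf '%s' "$2" |
        openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" | awk '{print $NF}'
}

# e2e_seal PASSWORD MESSAGE -> token on stdout
e2e_seal() {
    s_enc=$(openssl rand -hex 8)          # fresh salts per message, so the
    s_mac=$(openssl rand -hex 8)          # derived key/IV are never reused
    key=$(e2e_derive "$1" "$s_enc" key)
    iv=$(e2e_derive "$1" "$s_enc" iv)
    mkey=$(e2e_derive "$1" "$s_mac" key)  # separate key for the MAC
    ct=$(printf '%s' "$2" |
        openssl enc -aes-256-cbc -K "$key" -iv "$iv" -a -A)
    body="$s_enc.$s_mac.$ct"
    printf '%s.%s\n' "$body" "$(e2e_mac "$mkey" "$body")"
}

# e2e_open PASSWORD TOKEN -> plaintext on stdout, non-zero status on failure
e2e_open() {
    body=${2%.*}
    tag=${2##*.}
    s_enc=$(printf '%s' "$body" | cut -d. -f1)
    s_mac=$(printf '%s' "$body" | cut -d. -f2)
    ct=$(printf '%s' "$body" | cut -d. -f3)
    mkey=$(e2e_derive "$1" "$s_mac" key 2>/dev/null)
    # Refuse to continue with a missing key: an empty MAC key would be forgeable.
    [ "${#mkey}" -eq 64 ] || return 1
    # Verify before decrypting (encrypt-then-MAC). A wrong password or a
    # modified token both fail here. Not a constant-time comparison.
    [ "$(e2e_mac "$mkey" "$body")" = "$tag" ] || return 1
    key=$(e2e_derive "$1" "$s_enc" key)
    iv=$(e2e_derive "$1" "$s_enc" iv)
    printf '%s\n' "$ct" | openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -a -A
}

# Constructed sample input. Publishing would be: curl -d "$tok" ntfy.sh/my_topic
tok=$(e2e_seal "My Password" "My message")
echo "relay sees:    $tok"
echo "receiver gets: $(e2e_open "My Password" "$tok")"
```

The derived AES and MAC keys still appear in the `openssl` argument list, so other local users can read them from the process table while a command runs.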
You have perfectly captured my intention. :-) ntfy is supposed to be simple simple simple.
E2E stands in the way in many ways. I have implemented crypto formats and such in the past, and the lack of a standard in this space is really blocking widespread adoption and interoperability IMHO. That said, I have proposed a design here (https://github.com/binwiederhier/ntfy/issues/69#issuecomment...) that I have already partially implemented, and that seems easy enough to implement in many languages. But it definitely won't be the one-liner anymore.
The most important bits aren't the technical aspects, but rather who controls them.
It is entirely meaningless when the keys are generated by a closed source application, when there exists no way to verify that the data isn't exfiltrated before its encryption or after its decryption, or when the only transportation method is entirely in an untrusted party's hands.
When all those things are controlled by the same entity, especially one with a history of abusive and manipulative behaviour such as the operator of WhatsApp, it's not "encryption" but a "bad joke".
Encrypting stuff in a way that can’t be trivially subverted by a malicious client app is actually pretty hard, so what have you actually gained if you’re going to trust the client app?
Encryption by default eliminates the biggest advantage: simplicity. But as an option, it's a useful addition that will be implemented sooner or later.
If you don’t trust a communication channel, you could always do a Diffie-Hellman key exchange in the clients which lets you create a shared encrypted channel between two parties by sharing public keys. This works even if they are trying to monitor you.
It can work with simplex channels if you have the public key of the receiver. Both parties just need to know each other's public keys to create encrypted communication. After exchanging the public keys, it can be one-way communication.
I guess it wouldn't work for a one-to-many channel though, just individual one-to-one channels.
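The key agreement described in the comments above, as an added example using the OpenSSL command line with X25519 (not code from the thread or from ntfy). The function names, the label scheme for separating keys and the use of SHA-256 as the key derivation step are assumptions of this sketch; the fingerprint helper is there because the exchange only resists a party who can modify traffic if the public keys are compared out of band.

```shell
#!/bin/sh
# Added example: Diffie-Hellman (X25519) between a sender and receivers who
# only ever exchange public keys. Runs offline with constructed keys.

# dh_keygen PREFIX -> writes PREFIX.key (private) and PREFIX.pub (public)
dh_keygen() {
    openssl genpkey -algorithm X25519 -out "$1.key" &&
        openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# dh_fingerprint PUBKEY_FILE -> hex SHA-256 of the DER-encoded public key,
# short enough to compare over a second channel before trusting the key.
dh_fingerprint() {
    openssl pkey -pubin -in "$1" -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# dh_shared OWN_PRIVATE PEER_PUBLIC LABEL -> 256-bit key as hex.
# LABEL gives independent keys per purpose (e.g. "enc", "mac").
# Simple hash-based derivation over the hex form of the secret; HKDF would
# be the usual choice where it is available.
dh_shared() {
    secret=$(openssl pkeyutl -derive -inkey "$1" -peerkey "$2" |
        od -An -tx1 | tr -d ' \n')
    # A failed derivation must not silently yield a key made from the label.
    [ "${#secret}" -eq 64 ] || return 1
    printf '%s%s' "$secret" "$3" | openssl dgst -sha256 | awk '{print $NF}'
}

# --- demo with constructed keys -------------------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

dh_keygen "$demo/sender"
dh_keygen "$demo/bob"
dh_keygen "$demo/carol"
dh_keygen "$demo/observer"   # someone who sees every public key on the wire

# One-way channel: the sender needs only Bob's public key; Bob needs the
# sender's public key, which can travel alongside the first message.
k_sender=$(dh_shared "$demo/sender.key" "$demo/bob.pub" enc)
k_bob=$(dh_shared "$demo/bob.key" "$demo/sender.pub" enc)
echo "sender and bob agree:  $([ "$k_sender" = "$k_bob" ] && echo yes || echo no)"

# One-to-many means one key per recipient: Carol's key differs from Bob's,
# so a broadcast has to be sealed once per subscriber.
k_carol=$(dh_shared "$demo/sender.key" "$demo/carol.pub" enc)
echo "bob and carol share:   $([ "$k_bob" = "$k_carol" ] && echo yes || echo no)"

# Public keys alone do not give the observer the sender/bob key.
k_obs=$(dh_shared "$demo/observer.key" "$demo/bob.pub" enc)
echo "observer derives same: $([ "$k_obs" = "$k_bob" ] && echo yes || echo no)"

echo "bob fingerprint:       $(dh_fingerprint "$demo/bob.pub")"
```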
If you run binaries compiled by the author of the software it wouldn't matter that it is open source, so Play Store is out of the question. So then it must be open source and you must use a distributor you trust: your distro maintainers and F-Droid.
Also you must trust that people did really take a look at the code.
> Therefore, no need to trust anybody, as long as the software is open-source.
Demonstrably untrue. You must trust that the contributors are trustworthy, they have implemented a strong security posture for their project, and that the code is reviewed by people who are trustworthy. Many open-source projects have been, and continue to be, compromised on a regular basis.
That's only the case if I am unable to review the code myself, before any update, I fully understand the code, and I am smart enough that the contributors are unable to pull a fast one on me.
Given that I'm not a cryptography expert, I have a limited number of hours in the day, and open-source supply chain attacks are typically obfuscated, I don't consider that to be a trivial statement.
You have 0 guarantee that the open source code is actually the code that runs on your device.
And you have 0 guarantee that the device itself is not compromised.
And you have 0 guarantee that the OS is not storing your data.
E2E on mobile devices is a security blanket with holes the size of the solar system.
> Swapped to Arch and haven't looked back yet, Arch took me a lot more work to get set up but once it was it's been pretty invisible, which is how I like my OS to be.
I think that Fedora Workstation[1] is a #1 alternative to Ubuntu in terms of smoothness and ease of use. And if .deb is a requirement – then simply Debian.
Kind of creepy, but you just described, step for step, how I ended up running Fedora's KDE Spin on all my boxes over the past year. I really wanted to like Manjaro, I mean the AUR is incredible and their visual design even uses all my favorite colors, but despite my best efforts it felt alien to me in a way I can't well articulate.
Now enter Fedora for the past 4-5 months and I have to say I'm rather impressed. In particular, their package archives seem to keep current with a lot of the software I rely on far better than Debian/Ubuntu. Using dnf feels much more familiar than pacman ever did, and as of now I feel like my search for a daily driver has ended. I would recommend anyone else that's not happy with the experience of Ubuntu anymore to do likewise and see how Fedora feels in its place.
I went Fedora because of someone's recommendation on HN when complaining about some issues I was having with other distros. But I too feel like my search for a daily driver has ended!
> Fedora is very much NOT an all-ready-out-of-the-box experience, unless you are a FLOSS dev.
Nah it's pretty close if you have an integrated Intel or AMD system, you really don't need closed-source drivers for much except Nvidia these days. Chrome is in the non-free Fedora repositories (or can be installed easily from the website with an .rpm) and that's all most normal users need.
Do they still restrict nonfree audio/video codecs?
I would use fedora, but I want my repository set limited to trusted sources only. Core repositories are RedHat endorsed, afaict the user managed ones are not.
I want the ability to say that packages are from maintainers that are well trusted in a court of law. I cannot do that with fedora due to this, Ubuntu seems to be my only solution and it’s rapidly becoming unusable (I don’t hate snap, but it’s broken my workflow).
Most websites people care about use open codecs these days (Google and Netflix use VP9 and AV1, both are open and royalty-free).
Never had an issue with font rendering. And cutting edge being too cutting edge might be an issue with some dev things but having up to date Gnome and apps is fine.
People care about fans spinning up and batteries draining. Video not being hardware accelerated is a bad ootb experience and the type of reason Ubuntu became so big.
You don't need to be a developer, the average computer enthusiast is capable of googling the matter figuring it out. It may not be appropriate for the "colloquial grandmother" sort of user, but you certainly don't need to be a computer programmer to figure it out. There's a lot of ground in-between those.
My dad is a retired accountant and a computer enthusiast since the 80s. Never a programmer, but he does this kind of stuff. Has managed his own linux installations for about 15 years.
Nobara Project[1] helps with this. It is somewhat gaming-on-linux focused, but for some, like myself, that's a win. I use it on both my desktop (Intel CPU, AMD GPU) and my Thinkpad T480: works great on both.
Another good alternative could be openSUSE: https://www.opensuse.org/ - also pretty smooth, with user-friendly configuration tools, and no snap nonsense. WSL users might also be interested in using that for their distro instead of Ubuntu.
I used to use opensuse around 2010, and had very pleasant experience with it. Things just worked, and their Yast tool was very handy. I used to joke that opensuse is the Mercedes of linux distro :).
I am wondering why it isn't more popular. Is there any sentiment/experience people would like to share about this distro?
It's the second biggest Linux company behind Redhat, so I think it's reasonably popular. It's also been a while since I used it, but I'll also point out that it's developed primarily in Germany, so it's entirely possible it's just not as popular in the English speaking community.
However, the licensing agreement with Microsoft put many people in the open source community off, so I think that's contributed to its decline among hobby users.
Ubuntu does a pretty good job marketing-wise, many people start their journey with Ubuntu and never look for other distros. Or on the other hand, they end up on advanced/continuous-maintenance distros like Arch Linux.
I was wondering, if ticket resale is a viable business model only because tickets are not priced properly in the first place.
What if tickets were sold using a reverse auction system[1] instead? For instance, tickets could start at $1000 and then go down by $1 every hour until the minimum price set by the promoter is reached – or all the tickets are sold out.
This way, even if resellers bought a huge number of tickets, it's possible that they wouldn't be able to resell them for a large enough profit to cover the risk.
Pricing had lots of factors and you don't want to lock pricing to a specific model only to solve this problem. Why not design such that simply prevents reselling? From the article:
> What’s more, fans won’t be able to resell their tickets [...]
This works great for air travel so why not concerts as well? The reason it's not common must be because of collusion or side business with scalping services (which we know that e.g. Ticketmaster has done). Checking an ID card is easy.
> [...] unless they go through the Eventim-distributed website fanSALE
This is potentially dangerous. Scalpers can still transfer ownership for an out-of-bounds payment. So this isn't exactly waterproof.
Here's how I would do it:
- 2 days before release, anyone can sign up to buy tickets. Name and payment details are required and put in escrow or on CC hold (weak rate limit). They are put in an unordered set (no bot advantage)
- at release time, assign tickets to those in the set until you run out of tickets.
- create a queue for the remaining tickets. The unlucky ones who didn't get tickets in the former step are moved to the queue (again in random order). Others can also join the queue, but this time order is maintained, for fairness[1].
- You can leave the queue anytime and get your escrow money back. In this case, you cannot choose who will get your ticket, it goes to the person who is first in line.
This doesn't solve all intricacies like group bookings, different kinds of tickets etc, but that should be solvable without breaking this scheme.
[1]: Technically you can just keep the unordered set, but you cannot just make returned tickets available suddenly, because of bot advantage.
(Follow-up) It's kinda exhausting reading here through comment after comment of armchair "entertainment venue economists" imagining how to maximize the profits for a single event, all the while forgetting the circumstances leading to event tickets being underpriced.
Circumstances such as the fact events are generally a part of tours, that the artists likely want a diverse audience, that event sales have side effects on future sales and marketing, etc etc.
Not specifically targeted at you, krn, but is it really so far-fetched to think that artists did think about the fact they'd still have sold out venues at a higher price point?
> [...] imagining how to maximize the profits for a single event
No, I am not interested in maximizing profits. I am only interested in eliminating resellers.
> Circumstances such as the fact events are generally a part of tours, that the artists likely want a diverse audience, that event sales have side effects on future sales and marketing, etc etc.
That's exactly my point: if currently tickets are grabbed by automated systems and resold for much higher prices, none of these goals are reached by the artists.
Your answer is to become the reseller and charge more putting the reseller out of business?
Now you have increased profits short term and increased risks. And only rich fans can attend. This works for some stars and against other stars' brand.
A popular answer is requiring the purchaser to show id to get in with obvious drawbacks.
Rising prices would lose the cool fans and make the followers who can afford less likely to want to go.
> Your answer is to become the reseller and charge more putting the reseller out of business?
No, that's what the promoter should do.
> Now you have increased profits short term and increased risks. And only rich fans can attend. This works for some stars and against other stars' brand.
No, it doesn't have to be this way. Price could start at $1000, but the minimum could be as low as $50.
Yes, the rich fans would get their tickets first, but after the first 50% tickets are sold, all the remaining tickets could cost $50.
This way, at least theoretically, all the rich fans would get their tickets directly, and the resellers would go out of business.
What makes you think there would be any remaining tickets? I mean I don’t see how this system could increase the availability, it would only allow the event organizers to get all the surplus that goes to the resellers now. Also having a fair and transparent system would likely only increase the number of bidders driving up the price even more.
> What makes you think there would be any remaining tickets?
Again, there could be a rule, that after the first 30-50% tickets are sold, all the remaining tickets are sold at the base price (let's say, $50).
It's just a trick to force resellers out of business: because there is a limited number of people who can afford to buy tickets at heavily inflated prices.
Under your model, the first 30-50 percent of tickets would be sold at a high price, and the last 50 percent would be grabbed by resellers then ... all this has done is increase the average price of the tickets, and resellers still exist.
> Could have asked if they think selling to Adobe has limited the potential of what Figma could accomplish. Could have asked about how users who supported them as a solution against Adobe might feel betrayed.
Well, it's a business, not a non-profit.
In business everything is for sale at any moment in time, if the price is high enough. Especially, when there are multiple shareholders with different goals.
As an entrepreneur he simply did his job: he built an extremely valuable company and took the best deal he could probably get for it.
Maybe a few years later he won't even be with Adobe anymore. Just like the founders of Instagram and Whatsapp are no longer with Meta.
Building tools to dethrone Photoshop, Illustrator and After Effects IS a good business though. You’ve essentially swapped just over 1 year of Adobe revenue for a quick exit instead of building the system that delivers $15B+ yearly by dethroning them.
Claiming this is a good move is the same as claiming selling the iPhone or Android to Nokia for short term profit would have been a good business move.
Lots of people shared the same sentiment you just did about Instagram selling to FB. Look at them now, if IG had continued alone the idea to sell to FB would be a joke at this point.
> You’ve essentially swapped just over 1 year of Adobe revenue for a quick exit instead of building the system that delivers $15B+ yearly by dethroning them.
The question for Figma was, if they would ever reach $20B+ market cap after an IPO, and how long it would take them to do so.
The decision to sell to Adobe was surely based on many calculations. Just like Whatsapp's decision to sell to Facebook for $19B.
> Claiming this is a good move is the same as claiming selling the iPhone or Android to Nokia for short term profit would have been a good business move.
Android Inc. was a company sold to Google in 2005 for short term profit:
Where would Android be now without the backing of Google? Where would iPhone be now without the backing of Apple?
> Lots of people shared the same sentiment you just did about Instagram selling to FB. Look at them now, if IG had continued alone the idea to sell to FB would be a joke at this point.
There are multiple accounts of how many resources, human capital, and know-how Facebook put into Instagram to scale it. The same can be said about YouTube in the hands of Google.
You would probably say, that selling Vine to Twitter was a great decision, because it got eventually shut down as being worthless. But look at where Bytedance is with TikTok now.
> Claiming this is a good move is the same as claiming selling the iPhone or Android to Nokia for short term profit would have been a good business move.
There is no objective “good” or “bad” move. If the owner feels like selling and that helps them meet their goals in life, then that is “good” for them. If iPhone or Android owners want to bet they can usurp Nokia and want to take on more risk, then that is “good” for them.
> As an entrepreneur he simply did his job: he built an extremely valuable company and took the best deal he could probably get for it.
Sorry, but: no.
There are many ways to work in the world, and certainly one way is to be an amoral mercenary in search of profit.
But if you think "the job" of the entrepreneur is simply to have a good exit, well the world would be gravely impoverished if entrepreneurs in general shared your view.
The fact that many of the acquiring companies in these stories are still largely controlled by their founders is telling.
> But if you think "the job" of the entrepreneur is simply to have a good exit, well the world would be gravely impoverished if entrepreneurs in general shared your view.
The job of an entrepreneur is to calculate everything and to make the right decision in every situation.
There could be many reasons behind the decision to sell to Adobe for $20B:
– Maybe reaching the $20B market cap after an IPO would have taken a very long time for Figma on its own;
– Maybe there was an extremely high risk of Adobe acquiring another competitor or building a competitive product in-house;
– Maybe the investors wanted to have an exit now, 10 years after the company's creation;
– Maybe the founders had other ideas they wanted to work on after their vesting with Adobe expires.
> The fact that many of the acquiring companies in these stories are still largely controlled by their founders is telling.
For some companies the right exit is IPO, for others – acquisitions. But if they took any money from investors, they must have an exit.
You're right, my comment was overblown (night-posting) and I wasn't even reacting to the Figma acquisition but rather to the general implication that entrepreneurs should want money as opposed to wanting to create a good thing (like Figma!) in the world. In the best case they want both.
I wish both Figma and Adobe well, and I hope they do cool stuff together.