Regarding apparmor/selinux, who creates/audits those profiles to make sure each application only has access to exactly the libraries it needs? It probably defeats the purpose if it's the app authors. Similarly, who validates that these profiles don't break functionality for any device/os version? I could see this being an option for power users who are willing to collaborate on creating the profiles and deal with fixing the occasional incomplete profile. I'm not sure how feasible it'd be as a solution for your typical user though.
JSON Schema and Swagger/OpenAPI provide some of the missing functionality described above (type definitions, enumeration, validation). It's not quite the same and in particular I'm not sure I've seen a reference to the schema passed with the json itself (although that could easily be ignorance on my part).
I'll admit to being ignorant of apt as my primary distributions aren't debian based, but aren't packages cryptographically signed? If package signatures are validated after download, then it shouldn't matter right?
Edit: Skimming and I shamefully didn't the read grandparent post. The link addresses exactly this point.
YubiKey is at least supported, but only because it also functions as a pgp smartcard. You can load you pgp private keys on the yubikey and then all decryption will only be done on the Yubikey itself.
I'm surprised there's not more discussion of passwordstore in this thread. In light of the parent article, I want to point out one of it's killer features (from my perspective). As it's built on top of PGP, you can move your private key to a PGP smart card and then decryption operations are done entirely on the smart card. Your private key never leaves the card. If you're using a Yubikey as the smart card, there's also a feature where you have to touch the card to approve of any operation (even when already unlocked by entering the smart card's password).
If you want to buy my house, sure. You're free to look at anything you want once you own it. It's yours.
What's not okay is for me to build a house and add recording devices all around and then sell it to you without informing you. Using your house example, that's the most direct comparison and would 100% be illegal.
There's obviously a trade off most users are willing to make between privacy and functionality, but I do believe the exchange should be 100% in the open and a conscious decision made by the user.
In this specific case it’s like I install recording devices... that locally search for faces to turn the lights on to each occupants preferred brightness.
It looks like it’s a convenience app for transportation.
I’m an Android developer and nothing mentioned is suspicious or obfuscated.
In fact, the fact he can get that list of functions he posted means they used less obfuscation than normal (they didn’t do the equivalent of minifying with Proguard, which most devs would say all production apps should)
The use of multiple services makes perfect sense, one app manages background communication instead of dozens of service apps making network calls when they feel like it (bad for battery life since the radio is always in a high power state).
I think this is a bit of an overreaction in this case.
The horrifying thing about your example is you've basically described a "smart home" and we're fast approaching an era where anyone purchasing a home will expect it to be rife with third-party cameras and listening devices, and pay a premium for it.
Passing the "wrong" number of arguments isn't a syntax error in JavaScript.
If you pass fewer arguments than declared parameters, the rest are implicitly undefined. The variations you were seeing probably just came down to how the invoked function handled that undefined value. I can still understand how inconsistency in behavior there might be confusing.
Node-solid-server is just one implementation of the spec. There's nothing stopping another implementation from having a cpanel like management interface.
As much as I like AllegroGraph (and I wrote a book using AllegroGraph) if you want people to be able to install your project easily, then using SQLite, or something similar, might make it easier for people try try it out.
Agreed - the cl-json library will handle all the Solid standards and then developers can layer on top of that their preferred db etc. I'm not sure if we need a db for the core library or not...
