<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<blockquote type="cite"
cite="mid:df6a934c-2b79-4951-859c-8c5240b96fba@www.fastmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
<div>I didn't realize that Ubuntu has erected a paywall around
their walled garden Snap Store.<br>
</div>
<div>You can't get your app on the Snap Store without Ubuntu's
permission, you can't run your own Snap Store or provide snap
autoupdates without Ubuntu's permission because the server side
is proprietary (unlike Flatpak), and if your app is related to a
commercial business, Ubuntu wants a cut.<br>
</div>
<div><a
href="https://www.nitrokey.com/news/2021/nextbox-why-we-decided-and-against-ubuntu-core"
moz-do-not-send="true">https://www.nitrokey.com/news/2021/nextbox-why-we-decided-and-against-ubuntu-core</a><br>
</div>
<div><br>
</div>
<div>This is exactly the sort of nonsense I'm trying to get away
from, motivating my migration from MacOS to Linux.</div>
</blockquote>
<p>Quote from an article:</p>
<p>"""</p>
<p>The hack has the central problem that all devices in the Global
Store are identified as the same device and "this can cause
problems".<br>
</p>
<p>"""</p>
<p>Me thinking:</p>
<p>- Why should store identify devices?</p>
<p>You really want to get upgrade bits anonymously. Just in case.
Okay, your delivery hash crypto is non-breakable, but DoS on
update of a particular client may leave it vulnerable, and
indicate that it is time to attack. Attacker chooses time of an
attack. Defender chooses place, i.e. architecture it uses.<br>
</p>
<p>- Why should server and everyone know how many devices I use?</p>
<p>Looking at Signal, Wire, others.</p>
<p><br>
</p>
<p><abs> 3NWeb </abs> :)<br>
</p>
<p><br>
</p>
</body>
</html>