00:15:57 Hi my friend is trying to setup XMRIG proxy to work with p2pool 00:16:11 (my friendgroup wants to all mine together to the same p2pool node) 00:16:40 we plan to go off outputs from XMRIG proxy in order to setup automatic payouts after we've found our rewards 00:16:54 (if that's even possible we're all nero noobs) 01:15:54 "we plan to go off outputs from..." <- P2pooler 01:16:16 p2pooler 01:17:28 how does work? 01:42:55 "https://f-droid.monerujo.io/..." <- Monerujo is sus 01:44:16 When an app does not exist on the official FDroid repo, and instead uses its own repo, suspiciousness levels are already off the charts 01:50:14 "When an app does not exist on..." <- Molly and collabora have their own repos and I don't think they're sus. 01:50:31 Also the guardian project 01:52:31 On Android it's still better to trust the FDroid repo instead of using third party repos 01:52:35 "When an app does not exist on..." <- The exact opposite is true 01:52:47 And the Guardian Project has had severe problems in the past 01:52:55 idkrn[m]: Why so 01:53:01 cockliuser[m]: Fdroid is possibly the least trustworthy source possible that isn't actively malicious 01:53:24 The official repo serves to be a source of open source software 01:53:29 The review process is very strict 01:53:36 cockliuser[m]: https://wonderfall.dev/fdroid-issues/ this is just the start 01:53:49 idkrn[m]: Moved to https://privsec.dev/posts/android/f-droid-security-issues/ 01:53:50 Third party repo is worse 01:54:08 cockliuser[m]: No it is not. All it does is ensure free software 01:54:22 The security issues are due to fdroid not working according to the Android security model 01:54:36 Installing third party repos amplifies that issue 01:54:38 They build process is abysmal 01:54:44 s/They/Their/ 01:54:58 idkrn[m]: That's what I'm saying 01:54:59 cockliuser[m]: That's not even close to encompassing the issues fdroid provides 01:55:34 cockliuser[m]: With FDroid's repo you have a guarantee that the software you're using is open source 01:55:42 Ok? 01:55:46 With third party repos you don't have that 01:56:04 You can also just check their source yourself… 01:56:30 I do not trust fdroid at all 01:56:30 I'd rather people more involved in the sphere check the source 01:56:55 You should really read the article I linked 01:56:56 Plus fdroid has pretty useful warnings for non open source servers, non open source upstream etc 01:58:05 Who cares 01:58:24 Their build process is awful 01:59:15 They even allow software with known vulnerabilities on their site 02:00:06 idkrn[m]: The article you linked validates my argument even though it says so targeting fdroid 02:00:28 ? 02:00:28 "having other repositories in a single app also violates the security model of Android" 02:00:41 In section 4 02:00:43 The article says much much more than that 02:01:24 I'm talking about fdroid specific issues 02:01:25 I know, but I'd rather not trust a third party repository 02:01:25 That's what fdroid is… 02:01:25 Fdroid has issues, but it's the best alternative we have 02:01:31 First party would be from the developer 02:01:36 cockliuser[m]: No it's not 02:01:52 idkrn[m]: Developers have to distribute their code 02:02:13 cockliuser[m]: You can still get it from the developer 02:02:19 That's what first party is 02:02:28 Fdroid is a 3rd party 02:03:02 Third party that also serves as a mini audit for how much software really is open source 02:03:18 Which means absolutely nothing 02:03:19 It all boils down to trust 02:03:32 cockliuser[m]: You're just adding an extra party to trust 02:03:40 One that isn't good at its job 02:04:08 Even their client sucks 02:04:09 The "Android security model" is kind of a bullshit argument though 02:04:24 cockliuser[m]: Read the rest of the article 02:05:18 cockliuser[m]: They could provide this arguably useless service without ruining the build process 02:05:39 idkrn[m]: I have, but the biggest point it outlines is the fact that FDroid doesn't match with the Android security model, the part about the build system is added in for good measure 02:06:01 cockliuser[m]: That's the smallest part 02:06:25 idkrn[m]: Do you want the developer to build the binaries and for users to use the developer-built binaries? 02:06:41 What if the developer bundles in malicious code? 02:07:24 With FDroid, you only have one party to trust 02:08:19 If you do trust FDroid, you can trust that the binaries you get for an application will be built from free software without bundled-in malicious code 02:08:50 >While we’ve seen that F-Droid controls the signing servers (much like Play App Signing), F-Droid also fully controls the build servers that run the disposable VMs used for building apps. And from June to November of 2022, their guest VM image officially ran an end-of-life release of Debian LTS. It is also worth noting that Debian LTS seperate project from Debian which attempts to extend the lifetime of releases that are deemed end-of-life by 02:08:52 the Debian project and does not get handled by the Debian Security team. The version they were using (Debian Stretch) was actually discontinued 2 years prior. Undoubtedly, this raises questions about their whole infrastructure security. 02:09:04 cockliuser[m]: Fdroid isn't stopping that. What if fdroid bundles malicious code?? 02:09:19 cockliuser[m]: Absolutely 02:09:23 That's the problem 02:09:40 You have to trust each and every developer 02:09:48 cockliuser[m]: Fdroid does not stop an app from being malicious 02:09:57 cockliuser[m]: You do anyways 02:10:24 Fdroid doesn't do security audits of apps. 02:10:36 idkrn[m]: It does stop an app from being different from the provided source code 02:10:37 With fdroid there's only one party to trust instead of 2000 developers 02:10:47 idkrn[m]: They verify that the application is fully open source 02:10:54 And the builds are handled by them 02:10:55 cockliuser[m]: Which does what? 02:11:05 cockliuser[m]: You have to trust both… 02:11:38 It mitigates the problem of trusting the developer to not interfere with the binaries 02:11:55 cockliuser[m]: No it does not 02:12:06 https://www.f-droid.org/en/packages/com.saverio.pdfviewer/ they literally build a vulnerable app and continue to ship it to users 02:12:21 How so 02:12:22 The builds are handled by fdroid 02:12:22 Not the developer 02:12:28 And they underline it 02:12:32 cockliuser[m]: They're automated 02:12:43 cockliuser[m]: And? 02:13:24 idkrn[m]: Vulnerabilities are not the problem they're trying to fix 02:13:41 Atleast they actually tell you it has a vulnerability 02:13:46 How is that any different from an app being malicious 02:13:49 cockliuser[m]: Lmao 02:13:58 With the developer distributing the binaries, you'd never know 02:14:05 cockliuser[m]: https://privsec.dev/posts/android/f-droid-security-issues/#1-the-trusted-party-problem 02:14:53 cockliuser[m]: Are you downloading from devs you don't trust and expecting fdroid to audit the app for you? 02:15:08 Tell me this, would you rather place your trust in every developer not to insert malicious code in the binaries during the compile process 02:15:15 Or would you trust one party 02:15:24 cockliuser[m]: Fdroid didn't get the element update patching the broken e2ee for a whole day 02:15:38 Again, vulnerabilities are not the problem 02:15:43 cockliuser[m]: Fdroid is not trustworthy 02:16:01 cockliuser[m]: No different from an app being malicious when someone can just exploit it themselves 02:16:28 idkrn[m]: There hasn't been anything untrustworthy about FDroid for the many years it has existed :) 02:17:14 cockliuser[m]: It's been untrustworthy for its entire existence 02:17:17 My point isn't that all FDroid apps are inherently secure, but that they do fix a problem 02:17:26 Stemming from their terrible practices 02:17:33 Most users won't compile an Android app from source 02:17:36 cockliuser[m]: They do not 02:17:51 idkrn[m]: Afaik I can use Google play, f-droid and surf the web to download apk. I'm your opinion what should I do ? 02:18:08 cockliuser[m]: So FDroid serves as a party to trust to compile apps identical to source code 02:18:25 s/I'm/In/ 02:18:45 fdroid deserves as much 'trust' as any android fucktardphone : none 02:18:53 cockliuser[m]: With the myriad of apps people use, you'd have to trust each and every developer 02:19:25 raas[m]: Google play, the izzyondroid fdroid repo, repos hosted by the developer, or getting apps directly from github etc. Be advised that if you download from github, you must trust the initial app to be genuine (likely the case with https) and manually check for updates. There is also https://accrescent.app but that isn't 1.0 yet 02:19:26 Instead, you can trust a central party to do so 02:19:28 as2333: FDroid is identical to the Debian packaging system 02:19:32 cockliuser[m]: As you still do 02:19:54 cockliuser[m]: That's not great 02:20:03 At least Debian won't build apps on old and broken OS 02:20:07 idkrn[m]: I don't have to trust the developer regarding the binaries 02:20:28 cockliuser[m]: Fdroid automates the building of apps, so yes you do 02:20:48 I can read the source code and verify that the app isn't malicious, but if I downloaded it from the developer, I'd have to trust him to not bundle in malicious code 02:21:01 Fdroid apps tons of issues and doesn't actually solve any 02:21:24 idkrn[m]: It's about the compile process not the source code's security 02:21:40 idkrn[m]: Don't feel comfortable downloading "random" things from GitHub. I need to trust someone cause lack of technical aptitude to verify stuff myself. I'll check accrescent 02:22:14 Accrescent is almost 1.0. Check out #accrescent:matrix.org 02:22:54 The devs get to upload the apps themselves similarly to Google Play 02:22:55 idkrn[m]: Why would anyone in their right mind recommend izzyondroid while arguing against trusting third parties 02:23:23 cockliuser[m]: Because those aren't build by a third party. They are identical to the ones on github 02:23:39 Are you sure :) 02:23:43 Yes 02:23:44 How do you know 02:24:01 cockliuser[m]: Because I can first download from github, then update from izzy 02:24:24 Good, but you're trusting the GitHub binaries 02:24:28 At that point signature verification ensures the same key was used to sign the app 02:24:46 cockliuser[m]: I only download apps from developers I trust 02:24:49 As I said, I'd rather trust a central party than a random developer 02:25:03 idkrn[m]: That's good, but isn't viable for most people 02:25:31 cockliuser[m]: They are made up of random of developers… They also don't check for anything other than non free software 02:25:54 idkrn[m]: That's enough security for me 02:26:12 It's not to be recommended to other people 02:26:17 By downloading from the developer, you don't even have the guarantee of it being free software 02:26:29 Who cares 02:26:36 Really? 02:26:47 "Who cares?"?!? 02:26:53 Yes 02:27:09 Proprietary software isn't inherently dangerous 02:27:14 it is though 02:27:31 idkrn[m]: Murphy's law 02:27:37 you can never really verify if it's doing anything malicious 02:27:50 s0x41[m]: Yes you can. That also doesn't make it malicious by default 02:27:56 so you should assume all proprietary software is malicious 02:28:16 s0x41[m]: No you shouldn't. That's fud 02:28:57 Proprietary software is routinely fuzzed and audited 02:29:02 idkrn[m]: Yes, let me go ahead install microsoft windows and use Microsoft 365 cloud to access my stuff and use zoom for web conferencing 02:29:08 * Yes, let me go ahead and install microsoft windows and use Microsoft 365 cloud to access my stuff and use zoom for web conferencing 02:29:16 That's up to you 02:29:16 idkrn[m]: Wireshark can only find so much 02:29:17 idkrn[m]: Not by you 02:29:31 s0x41[m]: That's not related to wireshark 02:29:41 cockliuser[m]: You're trusting a third party :) 02:29:47 That's what you were arguing against 02:29:48 idkrn[m]: are you talking about third party auditors? 02:30:05 you were just saying about how trusting third parties is bad 02:30:09 s0x41[m]: Yes? 02:30:24 s0x41[m]: It should be reduced to a minimum 02:30:54 cockliuser[m]: You can't build your entire phone yourself. There is guaranteed to be *some* trust in a third party. The point is to minimizenit 02:31:00 Are you trolling? If so, damn that's some masterful baiting 02:31:11 ? 02:31:31 If I go to a restaurant, I have to trust the chef not to piss in my food 02:31:36 With proprietary software, you're maximizing trust in a third party 02:32:02 No you aren't. It's barely different from third party software with public source code 02:32:12 Sure it is 02:33:07 I can surely compile my own version of proprietary software from source code and verify that it does only what the source code says it does, right? 02:33:24 If you believe that closed source software is something only the developers can understand, you're basically saying that it is perfectly secure so long as the source code is not available to the attackers 02:33:46 What? 02:33:55 wander[xmpp]: lmao masterful baiting 02:33:59 idkrn[m] proprietary software is malicious per se 02:34:06 obviously software can be introspected and reverse engineered to a certain degree 02:34:08 wander[xmpp]: I bet ur a master debator 02:34:17 s0x41[m]: A large degree 02:34:17 but the system as a whole is obfuscated from view 02:34:25 as2333: No it isn't 02:34:31 it totally depends on the software 02:34:43 ghidra can only do so much 02:34:54 etc 02:34:54 s0x41[m]: No it isn't. Obfuscation is completely different 02:35:04 i wasn't talking about obfuscation 02:35:14 s0x41[m]: Like reverse engineer malware which is actually malicious 02:35:23 * talking about software obfuscation 02:35:32 proprietary software is malware 02:35:58 as2333: Fud and an unsubstantiated claim 02:36:01 nah 02:36:16 you're actually spewing propaganda 02:36:24 I primarily use open source software, but I don't delude myself 02:36:30 Lol 02:36:35 funny how you went from complaining about fdroid to promoting outright malware. 02:36:44 as2333: I never did 02:36:48 Stop lying 02:37:39 you don't delude yourself about what? 02:38:01 About what open source software provides vs. closed source software 02:38:25 * cockliuser[m] uploaded an image: (58KiB) < https://libera.ems.host/_matrix/media/v3/download/matrix.org/nEuxvFiRlhtaOrdRbXyQCTVr/1674787093593.png > 02:38:46 Trolls don't make actual arguments 02:38:58 Which is what I've done 02:39:08 Memeing someone isn't an argument 02:39:11 Ok 02:39:24 Lol 02:39:24 Cool 02:39:36 Typical 02:40:25 idkrn: obviously we need to believe in someone or something to survive psychologically 02:40:37 otherwise we would go insane 02:41:13 s0x41[m]: I agree 02:41:35 But there are cases where you don't need to give trust 02:41:46 however i believe it is best to trust software that is universally auditable as opposed to software that can only be audited by a select few individuals 02:41:47 It's unnecessary and undeserved trust 02:42:03 s0x41[m]: Binaries themselves can be audited 02:42:24 they are much more difficult to audit than source code 02:42:35 furthermore reproducible builds exist 02:42:42 why would you audit the binaries if you don't object to proprietary software? 02:43:09 Even if you 100% trust fdroid to perfectly audit code, if they ever get hacked, everything you use is fucked 02:43:27 s0x41[m]: That's just moving trust to whoever verifies the build 02:43:35 as2333: Why wouldn't you? 02:43:54 idkrn[m]: you can easily verify the build yourself 02:44:00 that's the point of reproducible builds 02:44:02 I don't audit things myself, but I care about privacy and security 02:44:02 idkrn[m] why would you. You don't think proprietary software is malware. So just use it. Why would you audit it. 02:44:16 s0x41[m]: Then you can just install what you built from source 02:44:21 So there's no point there 02:44:31 that is true 02:44:34 as2333: There are more problems that just malware 02:45:00 Audits are meant to expose vulnerabilities in the software 02:45:24 A benign application which has been hijacked is no different from a malicious application 02:45:28 idkrn[m] if you're concerned about those, you'd ask the author to show the code 02:45:37 i don't think anyone was talking about security vulnerabilities here 02:45:40 as2333: That isn't enough 02:46:01 * talking about accidental security vulnerabilities 02:46:05 s0x41[m]: Those are no different from a backdoor in an application 02:46:11 The DOD uses open source and has a write-up on why open source is better, you're better off reading it instead of arguing here 02:46:12 https://dodcio.defense.gov/Open-Source-Software-FAQ/ 02:46:16 idkrn[m] thing is, given the current political situation, trends and the like, there's no reason to tolerate proprietary software. 02:46:23 cockliuser[m]: They also use Windows… 02:46:54 as2333: That is completely different from claiming all proprietary software is malicious 02:47:03 idkrn[m] it's the same thing. 02:47:11 No it isn't 02:47:14 or closely related 02:47:20 idkrn[m]: People trying to replace bad security practices with good security practices is good for society as a whole 02:47:39 cockliuser[m]: They aren't replacing that with Linux desktops. The hardware is also proprietary 02:48:01 as2333: I guess if you just state it, it's true 02:48:07 idkrn[m]: Do you work at DOD? 02:48:24 How is that relevant 02:48:45 idkrn[m] oh sorry, your baseless, pro-malware claims are so justified. 02:49:01 as2333: "Pro-malware". Evidence? 02:49:06 see above 02:49:16 idkrn[m]: How do you know for a fact that they use Windows and aren't already using open source operating systems for sensitive stuff? 02:49:16 as2333: That isn't evidence 02:49:34 cockliuser[m]: Because a lot of that must be public 02:50:00 If they have a massive contract to have enterprise windows, that will be public information 02:50:13 They definitely use Linux though 02:50:33 The NSA even developed SELinux 02:50:45 Because they need security 02:51:13 And they recognize that open source is inherently more secure due to its auditability 02:51:23 cockliuser[m]: That's why they don't use shit like Ubuntu 02:51:26 They'll secure the servers themselves 02:51:37 Plenty of government used Windows enterprise 02:52:07 Linux servers are 100% used by government though 02:52:08 idkrn[m]: Exactly, which is why they can't trust proprietary software in this day and age 02:52:23 cockliuser[m]: They do trust proprietary software 02:52:27 They use both 02:52:33 They might have used Windows in the old days, but they only use as it as legacy cruft now 02:52:44 It's not easy to replace infrastructure 02:52:54 They still use it now 02:53:00 their nature as a governmental institution also means that they control the proprietary software 02:53:10 s0x41[m]: Not really lol 02:53:35 idkrn[m] so your 'argument' is that governmnt criminals use something like windows...and that proves what exactly. 02:53:54 Goverments are provided source code to Windows 02:53:56 This is why they begged for Apple's help to unlock an iPhone 02:54:08 lawl 02:54:11 cockliuser[m]: Not all of them 02:54:25 idkrn[m]: The DOD definitely is 02:54:26 and now, crapple advertising 02:54:38 as2333: Where did I advertise for them 02:54:50 You've lied about what I've said numerous times 02:55:04 you mean, I 'lied' in your wrong opinion 02:55:16 cockliuser[m]: Certainty not for every update 02:55:35 as2333: An opinion can't even be wrong. That makes no sense 02:55:39 idkrn[m]: They don't update stuff 02:55:40 ... 02:55:54 cockliuser[m]: They have to at the very least for security 02:56:03 Servers use stable releases 02:56:11 Have you heard of LTSC 02:56:25 They still get updates 02:56:39 Security updates can be distributed as source code patches 02:57:24 They are not going to be building the entire OS from source and manually distributing it to all their machines after every patch 02:57:40 You can't be sure about that 02:57:49 cockliuser[m]: It's likely 02:57:56 It's the government, they need security 02:58:05 They're not going to trust random binaries 02:58:41 The only trust they'll place is in the compiler and that's it. 02:58:56 * icarolongo[m] uploaded an image: (42KiB) < https://libera.ems.host/_matrix/media/v3/download/monero.social/LHsJVfTSGDzFmQkflbhYzVBD/images(31).jpg > 02:59:36 cockliuser[m]: i wouldn't be surprised if they keep a version of the compiler that they've bootstrapped from assembly 03:00:03 The CEOs of Apple, Google, Microsoft, etc. don't read the source code of their OS, but they still use it. That probably won't convince you of anything, but maybe it'll make you rethink some things. The code for a kernel alone is 10s of millions. Web browsers have even more. No one is reading all of that code themselves 03:00:24 cockliuser[m]: No way they compile everything themselves 03:00:50 The military can't even repair all their own guns 03:00:58 what point are you making idkrn[m] 03:02:06 Proprietary software is not inherently malicious. Randomly people publishing apps to show off their skills are not malicious, just as an example 03:02:29 >Proprietary software isn't inherently dangerous 03:02:34 that's a wrong, baseless claim 03:02:35 as2333: Correct 03:02:39 what other point are you making 03:02:48 as2333: It is not 03:03:39 You're claiming things are malicious with no evidence of actual malicious behavior 03:04:15 I always prefer FOSS 03:04:33 But I'm not afraid of proprietary software 03:04:45 your problem 03:04:59 >The CEOs of Apple, Google, Microsoft, etc. don't read the source code 03:05:07 those criminals need to be executed 03:05:18 There's definitely proprietary software that is not spyware, it's just a lot harder to figure out if it is and what it's doing. 03:05:20 as2333: This is definitely a level headed take 03:05:27 s0x41[m]: Marginally 03:07:19 s0x41[m]: Might not be spyware, but often contains stolen code, shitty code, exploitable code etc 03:07:41 idkrn[m]: A 13 year old skiddie can create obfuscated malware and you won't be able to understand what it does 03:07:44 ofrnxmr[m]: How would you known it contains stolen code when you can't read it? 03:07:54 Its security via obscurity 03:07:54 Imagine trusting a proprietary encryption algo 03:08:08 cockliuser[m]: False. Also, if the code is actually obfuscated, that is an indication of a malicious app 03:08:17 LMAO 03:08:27 > <@ofrnxmr:monero.social> Its security via obscurity 03:08:27 > 03:08:27 > Imagine trusting a proprietary encryption algo 03:08:27 Who said it had anything to do with security 03:08:49 ofrnxmr[m]: Linux has a ridiculous amount of vulnerable code too 03:09:02 Exactly ^ 03:09:03 idkrn[m]: Obfuscation covers up the fact that it's obfuscated bruddah, otherwise all malware would be detected easily by antiviruses 03:09:06 idkrn[m] the code is obfuscated to protect 'intelectual property' - there is nothing malicious about obfuscation. 03:09:09 Difference? It is seen and fixed 03:09:23 Proprietary? 0 dayed 03:09:24 And nobody knows what is going on except for attackers 03:09:32 cockliuser[m]: How can you hide the fact that you're code is obfuscated? 03:09:37 ofrnxmr[m]: So is Linux 03:09:53 And fixed by ANYONEA WHO CAN SEE THE CODE 03:09:55 idkrn[m] oops, you can't keep your bullshit story right eh. 03:10:01 ofrnxmr[m]: You can clearly see my example of fdroid shipping apps with unlatched vulnerabilities 03:10:17 Open source =/= secure 03:10:21 ofrnxmr[m]: You've never fixed a 0 day 03:10:22 idkrn[m] you see nothing wrong with propiertary code, but obfuscated proprietary code is somehow bad. 03:10:35 idkrn[m]: Nit a crit, but yes I have 03:10:41 idkrn[m]: They literally wrote "THIS APP CONTAINS A KNOWN VULNERABILITY" 03:10:55 If you can't read that then :P 03:10:55 as2333: Anything obfuscated is a red flag. A compiled app is not the same as an obfuscated one 03:11:04 cockliuser[m]: That's not relevant to what I just wrote 03:11:11 idkrn[m] enough of your trolling 03:11:17 Low level convo 03:11:25 ofrnxmr[m]: I was refuting this claim by showing an open source app currently being shipped with a known vulnerability 03:11:46 Telegram level chat 03:11:52 I mean if you want to use proprietary software go for it. Just don't pretend it's more secure than OSS. 03:12:01 s0x41[m]: When did I ever 03:12:24 I rarely use proprietary software anyway 03:12:35 I'm just not scared of it 03:13:31 Who's scared of it? Plenty of things we use in daily life run prop code 03:14:03 ofrnxmr[m]: There are multiple people here who claim that all proprietary software is malicious 03:14:12 It is 03:14:12 it's just more bullshit 03:14:19 Being lazy and greedy = malicious 03:14:25 "idkrn proprietary software is..." <- Like here 03:14:43 ofrnxmr[m]: Greedy? Who releasing an app for free is greedy? 03:14:48 he's calling people who reject proprietary crap cowards 03:14:58 idkrn[m]: Yes 03:15:01 That's a reach 03:15:09 Long arms 03:15:24 ofrnxmr[m]: I wasn't asking a yes or no question lmao 03:15:24 ofrnxmr[m]: Lol clearly 03:15:40 Greedy? Is a yes or no question, dummy 03:15:42 as2333: Not really 03:15:59 ofrnxmr[m]: "Who releasing an app for free is greedy?" 03:16:46 idkrn[m] I'm not 'scared' of proprietary software either. I know it's shit and that's why I reject it. 03:16:54 I never answers your second question, but a few devs ive worked with on prop software are who 03:16:56 ofrnxmr[m]: How are you not scared of what you consider to be malicious? 03:17:13 idkrn[m]: Malicious =/= scary 03:17:21 ofrnxmr[m]: I'm confused as to how you can give something away for free while still being greedy 03:17:22 I have a pair 03:17:31 Lmao what 03:17:42 Nothing in life is free 03:17:52 That's not true 03:17:59 What are you talking about 03:18:24 We've been discussing free and open source software for half this entire discussion 03:18:31 Are you saying FOSS isn't free? 03:18:37 Exactly 03:18:46 Do you think devs dev without eating? 03:19:08 You're one of those entitled people that think open source software is produced for free? 03:19:16 People pay for the software. You might not. Someone does 03:19:20 They don't make money off of someone downloading what they release for free 03:19:31 ofrnxmr[m]: That doesn't make it not free 03:19:54 L o l 03:20:11