September
Mon	Tue	Wed	Thu	Fri	Sat	Sun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

[00:04:01] <barking bandicoot> > <@Alekswag:matrix.org> i guess you can try looking at the logs for searxng, either from Tools > Services > searxng > Share with yunopaste (or read / dig the log yourself)

Thanks for the tools tip! Very nice! I cannot grok it though. Here are the logs: https://paste.yunohost.org/zirobifexa
[00:04:44] <Aleks (he/him/il/lui)> `Permission denied: '/opt/yunohost/searxng/searx/static/themes/simple/img/searxng2.png'`
[00:04:46] <Aleks (he/him/il/lui)> hmmokay
[00:05:03] <Aleks (he/him/il/lui)> let's look at `namei -l /opt/yunohost/searxng/searx/static/themes/simple/img/searxng2.png` to see what's wrong with the permissions
[00:11:12] <barking bandicoot> Ok. huh! nb. searxng2.png was searxng.png cp'd to searxng2png. I replaced searxng with a custom png. It was working!
[00:11:15] <barking bandicoot> namei -l /opt/yunohost/searxng/searx/static/themes/simple/img/searxng2.png
f: /opt/yunohost/searxng/searx/static/themes/simple/img/searxng2.png
drwxr-xr-x root root /
drwxr-xr-x root root opt
drwxr-xr-x root root yunohost
drwxr-x--- searxng searxng searxng
searx - Permission denied

[00:13:43] <barking bandicoot> I will rm it!
[00:15:23] <barking bandicoot> That did not work! 😂
[00:19:03] <barking bandicoot> After a reboot it is back! Cheers Aleks (he/him/il/lui) 🙏
[04:03:00] <barking bandicoot> I have another issue with Searxng. On one device I have https and on others only http! ??
[06:06:53] <lapineige> > <@nalla22:matrix.org> Exact, le fichier host peut aider en cas de soucis. Mais je veux particulièrement limiter les requêtes vers un DNS public pour des raisons de sécurité, je préfère que les communications entre les applications en local restent seulement en local sans faire appel à des DNS externes. Ces derniers pourront s'illustrer lors de connexions distantes.

Je ne comprends pas quel est le modèle de menace ici, et si ce n'est pas contournable avec du DNSSEC et/ou un resolveur DNS local
[06:26:52] <@err404:matrix.org> nalla22: si tu veux ne pas faire appel à des dns externe, tu édite le fichier /etc/resolv.conf pour y indiquer ton résolveur à toi (par exemple `nameserver 127.0.0.1` si ton ordi fait résolveur dns), ensuite tu execute `chattr +i /etc/resolv.conf` pour être certain que le fichier ne soit pas modifié dans ton dos par NetworkManager.
et tu ferme le port 53 en entrée et en sortie sur ton firewall
[07:49:21] <nalla22> Cest déjà le cas, j'utilise un résolveur local avec Pi-Hole qui fait office de serveur DHCP, il a été indiqué directement sur l'interface réseau concernée `/etc/network/interfaces`
[08:24:43] <@err404:matrix.org> ok, donc en fait tu n'a pas de problèmes, c'est seulement que tu aurai souhaité que yunohost dispose de réglages permetant de configurer le réseau?
[08:34:20] <nalla22> > <@err404:matrix.org> ok, donc en fait tu n'a pas de problèmes, c'est seulement que tu aurai souhaité que yunohost dispose de réglages permetant de configurer le réseau?

Exactement. Le seul problème que j'ai avec yunohost en ce moment c'est l'application des certificats SSL directement sur les l'IP LAN et les ports des applications. Je rajoute qu'en plus des problèmes que j'ai cité plus haut concernant les noms de domaines locaux utilisés sur yunohost, ces derniers ne me permettent pas un accès directe aux applications lors du démarrage d'une machine cliente, il faut en général compter 3 minutes (quand j'ai de la chance) pour que les noms de domaines pointent vers les applications (même en forçant avahi) !
[08:35:37] <@err404:matrix.org> alors moi j'ai tendancec à supprimer avahi-daemon (parce qu'il se permet de toucher aux routes qu'il n'a pas installé lui même)
[08:39:40] <lapineige> > <@nalla22:matrix.org> Exactement. Le seul problème que j'ai avec yunohost en ce moment c'est l'application des certificats SSL directement sur les l'IP LAN et les ports des applications. Je rajoute qu'en plus des problèmes que j'ai cité plus haut concernant les noms de domaines locaux utilisés sur yunohost, ces derniers ne me permettent pas un accès directe aux applications lors du démarrage d'une machine cliente, il faut en général compter 3 minutes (quand j'ai de la chance) pour que les noms de domaines pointent vers les applications (même en forçant avahi) !

> Le seul problème que j'ai avec yunohost en ce moment c'est l'application des certificats SSL directement sur les l'IP LAN et les ports des applications.

Ce que je ne comprends pas, ce qu'il est dit qu'il n'est pas conçu pour ça (il n'est même pas conçu pour tourner qu'en local, les *.local* sont un confort apporté lors de la phase d'installation), et que la solution pour travailler dans le modèle de Yunohost c'est d'utiliser un nom de domaine plutôt qu'une IP, et pour faire du 100% local juste renvoyer une IP à la place du domaine dans le résolveur local/de chaque machine, et que ça ne convient pas ?
[08:42:29] <@err404:matrix.org> j'ai déjà utilisé /etc/hosts quand je veux travailler sur une application et que je n'ai pas encore de nom de domaine pour de vrai, mais dans ce cas mon certificat SSL ne peut pas être validé, ce qui dans mon cas n'est pas grave du moment que je suis en https parce que je suis en local
[08:54:26] <lapineige> et en validant le certificant en utilisant le domaine publique au premier coup, puis en passant par le fichier hosts ?
[09:04:35] <nalla22> > > Le seul problème que j'ai avec yunohost en ce moment c'est l'application des certificats SSL directement sur les l'IP LAN et les ports des applications.
>
> Ce que je ne comprends pas, ce qu'il est dit qu'il n'est pas conçu pour ça (il n'est même pas conçu pour tourner qu'en local, les *.local* sont un confort apporté lors de la phase d'installation), et que la solution pour travailler dans le modèle de Yunohost c'est d'utiliser un nom de domaine plutôt qu'une IP, et pour faire du 100% local juste renvoyer une IP à la place du domaine dans le résolveur local/de chaque machine, et que ça ne convient pas ?

Justement, c'est ce que je trouve dommage, c'est pour cette raison que j'entreprend ces réglages, sinon je m'en serais bien passée si je n'en avais pas besoin !
[09:06:47] <nalla22> Comme je l'ai déjà écrit, j'arrive très bien à accéder en 100% local aux applications sans même utiliser le fichier hosts, mais en utilisant le firewal yunohost. Le problème c'est simplement les certificats mais je suis sûre qu'une solution sera trouvée d'une manière ou d'une autre.
(Même en local l'utilisation du HTTPS est importante contre les attaques MITM et d'autres attaques encore...)
[09:11:29] <Aleks (he/him/il/lui)> internallyscreaming.gif
[09:21:00] <nalla22> > <@Alekswag:matrix.org> internallyscreaming.gif

Je trouve vos réactions plutôt désobligeantes contrairement à tous les autres membres qui ont essayé de m'aider et que je remercie sincèrement !
[09:21:23] <nalla22> On a quand même le droit de personnaliser l'utilisation de Yunohost, à moins qu'une loi l'interdisant a été votée sans que je le sache, dans ce cas il serait judicieux de m'en informer 🤔
[09:22:26] <lapineige> Le point d'Aleks de ce que j'en comprends c'est plus que tu cherches à faire quelque chose pour lequel Yunohost n'est pas conçu (et c'est volontaire, il n'est pas fait pour tourner en 100% local).
[09:23:15] <nalla22> > Le point d'Aleks de ce que j'en comprends c'est plus que tu cherches à faire quelque chose pour lequel Yunohost n'est pas conçu (et c'est volontaire, il n'est pas fait pour tourner en 100% local).

C'est ce qui s'appelle de la personnalisation, c'est un outil OpenSource, ça sert à ça !
[09:23:50] <Aleks (he/him/il/lui)> mon point c'est aussi que ça commence à faire 10 fois qu'on explique calmement comme résoudre le problème, mais que à la place d'essayer et potentiellement constater que ça marche, on tourne autour du pot avec des affirmations qui ne veulent rien dire, ou à être obstiné à "utiliser l'IP" alors que y'a pas besoin
[09:23:56] <lapineige> > <@nalla22:matrix.org> C'est ce qui s'appelle de la personnalisation, c'est un outil OpenSource, ça sert à ça !

Oui mais on ne peut pas demander à l'outil d'être adapté à un cas d'usage pour lequel il n'est pas conçu.
[09:24:15] <Aleks (he/him/il/lui)> à un moment on est plus dans le cadre de "utilisation avancée de YunoHost", on est juste dans un cadre de energy-vampirisation
[09:26:54] <selfhoster1312> pour du HTTPS en local y'a que deux solutions:
- utiliser un "vrai" nom de domaine et un "vrai" certificat (même si ton firewall empêche l'accès depuis l'extérieur, sauf pour port 80 les routes /.well-known/ pour la génération du certificat)
- ajouter ta propre trust anchor TLS dans tes CA Certificates sur *tous* tes appareils, prier pour que les applications que tu utilises respectent ça
dans tous les cas ça marche que avec un nom de domaine pas avec une IP dans l'URL :)
[09:26:57] <lapineige> Et qu'il y a eu des solutions de contournements qui ont été proposées, et j'ai l'impression qu'on revient toujours à "la façon dont je voulais le faire n'est pas possible, comment faire ?" sans vraiment de justification de pourquoi les solutions évoquées ne fonctionneraient pas.
(et ça fait pas mal de pages du canal de support qu'on tourne autour de ça 😅)

Du coup de mon côté à un moment je me dis : ok donc là soit on constate que Yunohost ne sera pas adapté (quitte à chercher d'autres solutions logicielles), soit on passe sur une solution de contournement qui marche même si c'était pas le chemin désiré au départ.
[09:27:24] <lapineige> - ou le certificat autosigné
[09:30:26] <nalla22> > <@Alekswag:matrix.org> mon point c'est aussi que ça commence à faire 10 fois qu'on explique calmement comme résoudre le problème, mais que à la place d'essayer et potentiellement constater que ça marche, on tourne autour du pot avec des affirmations qui ne veulent rien dire, ou à être obstiné à "utiliser l'IP" alors que y'a pas besoin

À aucun moment il n'a été expliqué comment appliquer des certificats SSL sur l'IP en LAN, je l'ai écrit dès le dépars que c'était ma seule demande. Entre temps j'étais déjà passée à autre chose à défaut de trouver la solution que je cherchais. Ce matin j'ai simplement répondu aux questions qui m'ont été posées par politesse, sans demande particulière ou questions quelconque !
[09:30:39] <nalla22> Aleks (he/him/il/lui)Je vous invite à ne plus m'aider si c'est la seule manière qui vous permet de conserver votre énergie sans faire preuve de réactions désobligeantes !
[09:31:45] <selfhoster1312> > La réponse est : ce n'est pas possible.

Enfin si mais ça sera jamais marqué comme "valide" / "sécurisé" par un navigateur ou autre client
[09:31:55] <selfhoster1312> (ce qui était probablement le but)
[09:38:19] <lapineige> Ce n'est pas possible *dans Yunohost*. (ça a été dis pas mal de fois)
Ça marche 🙂
[09:38:19] <nalla22> > > À aucun moment il n'a été expliqué comment appliquer des certificats SSL sur l'IP en LAN
>
> La réponse est : ce n'est pas possible. (autre que le certificat autosigné)

Bien sûr que si, pleins d'applications le font nativement (webmin, syncthing...) mais je préfère qu'on arrête cette discussion ici. Merci pour votre aide !
[09:38:19] <lapineige> > À aucun moment il n'a été expliqué comment appliquer des certificats SSL sur l'IP en LAN

La réponse est : ce n'est pas possible. (autre que le certificat autosigné)
[09:40:18] <nalla22> > <selfhoster1312> (ce qui était probablement le but)

Exact, c'est le principe d'un certificat autosigné, c'est ce que je comptais mettre en place, ni plus ni moins. J'essayerai avec certbot ou d'autres solutions !
[09:42:11] <selfhoster1312> ben si tu ouvres le port 80 sur ton firewall (et yunohost ne laisse pas passer grand chose dessus) t'as tous les outils dans l'interface pour générer les certificats letsencrypt :)
[09:45:47] <lapineige> (on va refaire la conversation 😂)
[11:14:56] <marcus> Has a means of filtering proprietary applications in the yunohost catalog been implemented in the beta version?
[11:20:08] <Aleks (he/him/il/lui)> zzzzzzz
[11:22:12] <Aleks (he/him/il/lui)> 1) this is the support room
2) there not even a beta version of the yunohost catalog, it's alpha
3) please, tell me what "proprietary app" is in the yunohost catalog
[11:35:36] <marcus> https://aria.im/_matrix/media/v1/download/matrix.org/pBZGBZNYLuNHirIpBcdepXyj
[11:35:45] <marcus> https://aria.im/_matrix/media/v1/download/matrix.org/buKrQIgoFbkJFPrMiPSqAEUx
[11:35:53] <marcus> https://aria.im/_matrix/media/v1/download/matrix.org/AwOzbcacnolbttvcBMkwnwlD
[11:36:20] <marcus> There are plenty of other examples in the catalog. An application that has proprietary dependencies is itself proprietary, no matter what percentage of closed code it contains!
[11:37:03] <marcus> I've already discussed this problem with tituspijean here, and we agreed that the best solution would be to filter out applications that depend on proprietary code or a proprietary network in the catalog. In the same way that applications are filtered by "only decent quality apps", "only hight-quality apps",...
[11:39:03] <Aleks (he/him/il/lui)> is Debian proprietary then ?
[11:40:07] <Aleks (he/him/il/lui)> funfact, Nextcloud and Collabora do also have trademark clauses that may restrict the usage of their name, are they proprietary then ?
[11:41:04] <eric_G> ChatGPT web is not proprietary application
[11:42:05] <marcus> > <@Alekswag:matrix.org> funfact, Nextcloud and Collabora do also have trademark clauses that may restrict the usage of their name, are they proprietary then ?

That's not the point!
[11:42:16] <marcus> We're only talking about yunohost applications, a filter should be set up as agreed with other yunohost developers
[11:42:29] <Aleks (he/him/il/lui)> Nextcloud and Collabora are yunohost apps
[11:42:36] <marcus> > <@Alekswag:matrix.org> funfact, Nextcloud and Collabora do also have trademark clauses that may restrict the usage of their name, are they proprietary then ?

No, they don't. They don't use a remote proprietary network or proprietary code.
[11:43:22] <Aleks (he/him/il/lui)> so for example Invidious is proprietary because it depends on the usage of Youtube, despite the point being precisely to avoid leaking as much data to Youtube as possible ?
[11:45:47] <marcus> > <@marcus78:matrix.org> sent an image.

I'm only talking about applications that are already tagged on yunohost as using proprietary code, like the ones I've shown you in the screenshots!
[11:46:03] <marcus> It would be nice to add a filtering function to automatically filter them for users who want to filter them.
[11:47:56] <Aleks (he/him/il/lui)> they are not tagged as "using proprietary code", they are tagged as not-totally-free, because these could also be just special licenses such as "the code is open but the enterprise that created the project keeps specific rights over 5 years to facilitate the business model", because like, you know, people need to also have money and therefore build business models despite purists not really caring about that aspect
[11:48:13] <Aleks (he/him/il/lui)> real-life stuff are not binary, it's not "either free or either proprietary"
[11:48:56] <Aleks (he/him/il/lui)> and free software is supposed to be a mean and not an end
[11:49:03] <marcus> > <@Alekswag:matrix.org> so for example Invidious is proprietary because it depends on the usage of Youtube, despite the point being precisely to avoid leaking as much data to Youtube as possible ?

invidious is not a problem, neither is nitter. Because it can be used on the client side and requires no proprietary code on the server side...
[11:49:27] <Aleks (he/him/il/lui)> neither does rocket chat
[11:49:28] <marcus> Aleks (he/him/il/lui): Don't try to complicate things on purpose, I'm only talking about applications that already have warnings in the catalog!
[11:51:54] <lapineige> Then let's define them as such 🙂
So no, there is no filter added as of now.
[11:52:45] <marcus> > <@Alekswag:matrix.org> neither does rocket chat

Rocket Chat uses MongoDB
[11:53:29] <Aleks (he/him/il/lui)> ah so mongodb is proprietary ?
[11:55:06] <marcus> > <@titus:pijean.ovh> That is an excellent suggestion. 👍️

Titus and other members were totally in agreement with the initiative 👍️
Aleks (he/him/il/lui) I don't understand why you're trying to complicate things!
[11:55:58] <Aleks (he/him/il/lui)> i'm just trying to know exactly what are the accurate criteria such that may effectively implement the filter
[11:56:11] <Aleks (he/him/il/lui)> Wekan also depends on Mongodb, should we flag Wekan as proprietary ?
[11:59:11] <marcus> https://aria.im/_matrix/media/v1/download/matrix.org/vmueBwsYmvfzfvSJJsfdTwGH
[11:59:23] <marcus> The catalog indicates that the application is not totally free, and is based on non-free dependencies!
[11:59:32] <marcus> This is not the case with nextcloud
[11:59:51] <lapineige> And appart from the wording and corresponding criteria, yes the filter idea is interresting (to filter out apps with "things you may not like" - while this might be very wide), but no, it was not implemented.
And I don't think the support room is here to ask again about "when feature X will be implemented" each 15 days 🙂
[11:59:56] <Aleks (he/him/il/lui)> it does not says it's based on non-free dependencies, it says the license ha clauses which restricts its use
[12:01:01] <lapineige> The thing is : this could apply to many apps. Nextcloud latest version allows you to connect to chatGPT for instance (which would meet the same criteria as ChatGPT web, which is flagged). It's simply not documented in Yunohost package.
[12:01:38] <lapineige> The thing is : this could apply to many apps. Nextcloud latest versions allow you to connect to chatGPT for instance (which would meet the same criteria as ChatGPT web, which is flagged). It's simply not documented in Yunohost package.
That would be the major drawback of such a filter.
[12:01:41] <marcus> > <@Alekswag:matrix.org> it does not says it's based on non-free dependencies, it says the license ha clauses which restricts its use

Mongodb is no longer under a free license - find out more!
[12:02:11] <Aleks (he/him/il/lui)> maybe you should send an email to the debian team so that they move a bunch of package to their non-free repo then : https://packages.debian.org/search?keywords=mongodb
[12:04:23] <marcus> > The thing is : this could apply to many apps. Nextcloud latest versions allow you to connect to chatGPT for instance (which would meet the same criteria as ChatGPT web, which is flagged). It's simply not documented in Yunohost package.
> That would be the major drawback of such a filter.

Yes, but then it's up to each individual to choose whether or not to connect to CHATGTP, but the application is totally OpenSource from the outset, with no connection to proprietary networks!
[12:05:22] <lapineige> > The thing is : this could apply to many apps. Nextcloud latest versions allow you to connect to chatGPT for instance (which would meet the same criteria as ChatGPT web, which is flagged). It's simply not documented in Yunohost package.
> That would be the major drawback of such a filter.

Besides, I don't see how helpful such a filter could be as it would be hard to trust it (you can't easily reference all apps based on such criterias), considering that before installing any app you have the warning shown.
(And here we are talking about Yunohost developpement in a support room, flooding it 😕)
[12:06:51] <lapineige> What the difference with other tools that are running free software but connect to closed source services (or even just external services, because you don't know what software is running there) then ?
How would you filter them ? (that's basically what Aleks (he/him/il/lui) is asking)
[12:07:10] <marcus> > Besides, I don't see how helpful such a filter could be as it would be hard to trust it (you can't easily reference all apps based on such criterias), considering that before installing any app you have the warning shown.
> (And here we are talking about Yunohost developpement in a support room, flooding it 😕)

The apps are already referenced with the warning messages, you just need to label them so that the filter can filter them.
[12:07:25] <Aleks (he/him/il/lui)> 20euros is a proprietary app, i've never been this sad since Pluto lost its planet status
[12:08:07] <lapineige> My point was : the label is not enough, as it might be missleading, has holes and is not done for all apps.
[12:08:13] <lapineige> My point was : the label is not enough, as it might be missleading, has holes and is not completed for all apps.
[12:10:33] <marcus> > My point was : the label is not enough, as it might be missleading, has holes and is not completed for all apps.

It'll be better than the current state, nothing's perfect, but it'll be a big improvement for users concerned about their privacy and their data!
[12:11:27] <lapineige> What is the big improvement in a flawed filter while you have a big warning shown before installing any app ?
[12:11:28] <Aleks (he/him/il/lui)> free software has no clause guaranteeing privacy or data protection, you can write free software literally to spy on people
[12:11:46] <Aleks (he/him/il/lui)> hell, you can write free software that guide missile to kill people
[12:12:39] <marcus> > <@Alekswag:matrix.org> free software has no clause guaranteeing privacy or data protection, you can write free software literally to spy on people

Which will be quickly debunked since their source code will be open, it's a great idea! ^^
[12:13:35] <Aleks (he/him/il/lui)> "not running mongodb" is not gonna make anybody more free, and in fact if you know anything about the story behind mongodb's license, you should know that it's precisely related to Amazon making unfair use of their "was-free-software"
[12:13:55] <marcus> > <@Alekswag:matrix.org> hell, you can write free software that guide missile to kill people

And we'll know who's doing it, so we can choose whether or not to use them!
[12:14:26] <lapineige> > <@Alekswag:matrix.org> "not running mongodb" is not gonna make anybody more free, and in fact if you know anything about the story behind mongodb's license, you should know that it's precisely related to Amazon making unfair use of their "was-free-software"

(and as far as I understand, mongodb new licence has nothing to do with people privacy and data, but rather no commercial allowed)
[12:14:54] <lapineige> > <@marcus78:matrix.org> And we'll know who's doing it, so we can choose whether or not to use them!

can't you do that now with the warning ?
[12:15:04] <Aleks (he/him/il/lui)> > <@marcus78:matrix.org> And we'll know who's doing it, so we can choose whether or not to use them!

riiiight, let's sue the US government for ... using free software to kill people ? ah oopsi we can't because ... Freedom 0 states you can use software for anything
[12:16:52] <marcus> In any case, I'm not the only one in this situation. I think it would be a great initiative to allow filtering of proprietary applications, in support of the free internet and the OpenSource world!
[12:17:28] <Aleks (he/him/il/lui)> https://media.tenor.com/Qqhtb7KbrGcAAAAC/princess-bride-you-keep-using-that-word.gif
[12:17:36] <lapineige> Well, again, it's not proprietary applications in Yunohost catalog… but anyway, how do you adress these 2 points : 1) there is already a warning 2) the filter will be flawed/missleading in some cases ?
[12:19:52] <marcus> The warning message on the applications concerned begins with the sentence "This app has features you may not like:"
[12:20:02] <marcus> I confirm that I don't like these features, and I'd like to filter out the apps that have them
[12:20:13] <marcus> Thanks for your reply :)
[12:23:38] <lapineige> So, again: 1) such a basic filter will be flawed, excluding some apps while it might not be a good idea, including some while they could have such features but they are just not referenced 2) you have a warning that allow you no to pick them without being aware.
In lack a better proposal, what would justify the cost of developping and implementing such a filter (+ the UI redesign and bloat that comes with it) ?

Also, as for your initial question: no, there is no such filter. And this is not the place to ask for it each 2 weeks or so 🙂
[12:25:22] <mavric34> > Well, again, it's not proprietary applications in Yunohost catalog… but anyway, how do you adress these 2 points : 1) there is already a warning 2) the filter will be flawed/missleading in some cases ?

Why do you think the filter may be faulty?
[12:25:51] <mavric34> I think it's a good idea to integrate it, I didn't know there were proprietary applications in the catalog, I don't use many applications myself!
[12:26:07] <rico416> > <@tsh:envs.net> 🥴

got it back up and running on a fresh install...but still the same issue. any ports that need to be open?
[12:27:58] <lapineige> > <@mavric34:matrix.org> Why do you think the filter may be faulty?

As I tried to explain, mostly because many apps don't have the warning filled (so you think they are filtered out, but they are not), and also because excluding any apps that as a warning may exclude apps that would meet the critera of "not doing any harm to people data/privacy". As the example of mongodb, which could have a warning because "it's not free software licence" (it's debatable, but please no…) because it restricts commercial usage.
[12:28:40] <Aleks (he/him/il/lui)> > <@mavric34:matrix.org> I think it's a good idea to integrate it, I didn't know there were proprietary applications in the catalog, I don't use many applications myself!

maybe because there are no proprietary app
[12:28:52] <lapineige> Because **there is no proprietary apps in Yunohost catalog !!** (that was the whole point of Aleks debating the wording used, because then people start to think there are such apps in the catalog)
[12:29:02] <lapineige> Because **there is no proprietary app in Yunohost catalog !!** (that was the whole point of Aleks debating the wording used, because then people start to think there are such apps in the catalog)
[12:29:11] <Aleks (he/him/il/lui)> like **maybe** things are not binary, big whoop
[12:29:23] <marcus> > So, again: 1) such a basic filter will be flawed, excluding some apps while it might not be a good idea, including some while they could have such features but they are just not referenced 2) you have a warning that allow you no to pick them without being aware.
> In lack a better proposal, what would justify the cost of developping and implementing such a filter (+ the UI redesign and bloat that comes with it) ?
>
> Also, as for your initial question: no, there is no such filter. And this is not the place to ask for it each 2 weeks or so 🙂

It's not up to you to decide for yourself: a filter that excludes applications with features you might not like would be perfectly suited to those who are interested in using it!
[12:30:10] <Aleks (he/him/il/lui)> deciding for ourselves ? we are literally debatting you that decided the project should implement a filter
[12:30:16] <lapineige> > Because **there is no proprietary app in Yunohost catalog !!** (that was the whole point of Aleks debating the wording used, because then people start to think there are such apps in the catalog)

And if people want extra criteria to make their choice of apps to use, no problem, but there can't be a filter for everyone personal criterias
[12:30:56] <mavric34> > <@Alekswag:matrix.org> maybe because there are no proprietary app

If an application depends on a proprietary network or uses proprietary dependencies, then it has a proprietary license
[12:31:35] <Aleks (he/him/il/lui)> i even remember a stupid discussion at some point in the project asking us to allow the inclusion of proprietary apps, because "freedom is supposed to be about choice so we should be able to choose to install proprietary apps !!!" and we had to explain that nope, we're not going to include proprietary apps
[12:31:58] <lapineige> > <@marcus78:matrix.org> It's not up to you to decide for yourself: a filter that excludes applications with features you might not like would be perfectly suited to those who are interested in using it!

I don't understand your point.
The whole thing with Yunohost is : you gonna have to trust other people to have made good choice for you. Even when some information is given to help you make a choice, they are always partial.
Here a warning is shown (and it's partial, yes). You can use that information to make a choice. A filter wouldn't change that.
[12:32:02] <Aleks (he/him/il/lui)> and look at us today, having to explain to free software purists that we don't have proprietary apps
[12:32:29] <marcus> https://aria.im/_matrix/media/v1/download/matrix.org/jFupVbgNBJBaaGgYetiIGSOo
[12:32:31] <Aleks (he/him/il/lui)> > <@mavric34:matrix.org> If an application depends on a proprietary network or uses proprietary dependencies, then it has a proprietary license

then i'll watch you ask the Wekan project to reclassify their project as "proprietary"
[12:32:32] <marcus> Aleks (he/him/il/lui): What don't you understand about proprietary licensing?
[12:33:08] <Aleks (he/him/il/lui)> i don't understand what proprietary means, please, go ahead and explain it to me
[12:36:02] <marcus> Aleks (he/him/il/lui): If you want to know whether an application is proprietary or not, then take a look at https://alternativeto.net to check the licenses and avoid saying that none of the applications in the yunohost catalog are proprietary, because they're not!
[12:37:52] <Aleks (he/him/il/lui)> ah good to know so alternativeto is the source of truth to know if something is proprietary ... maybe we should warn them to flag Debian as proprietary because obviously they ship non-free firmware and even drivers for Mongodb ?
[12:38:43] <lapineige> > <@marcus78:matrix.org> sent an image.

Tell me were the proprietary code that would run on your server is: https://github.com/YunoHost-Apps/zerotier_ynh
(spoiler: there's none)
[12:39:49] <marcus> > <@Alekswag:matrix.org> ah good to know so alternativeto is the source of truth to know if something is proprietary ... maybe we should warn them to flag Debian as proprietary because obviously they ship non-free firmware and even drivers for Mongodb ?

If you don't trust alternativeto, just visit the official websites and depots to check!
[12:40:02] <marcus> Aleks (he/him/il/lui): Are you claiming that ZeroTier is not proprietary?
[12:40:05] <Aleks (he/him/il/lui)> on a more serious tone : we discussed ZeroTier inclusion in the past, among with a couple other apps which have custom licenses. ZeroTier in particular is using the BSL, but because it's open source anyway, and because it doesn't really conflict with the "spirit" of free software (= not the purist one), we elected that it's okay to include it as not-totally-free with a warning. You call this proprietary, we call this not-totally-free. Not agreeing on the semantics, for stuff we already explained.
[12:40:25] <Aleks (he/him/il/lui)> i'm claiming things are not either "free" or "proprietary"
[12:40:49] <Aleks (he/him/il/lui)> debian ships non-free firmware, doesn't make debian "proprietary"
[12:40:56] <Aleks (he/him/il/lui)> but hey i'm probably "making things complicated"
[12:41:41] <Aleks (he/him/il/lui)> maybe we can flag YunoHost with an anti-feature "developped-by-people-who-like-to-make-things-complicated", maybe that'll make us proprietary
[12:44:00] <lapineige> And appart from the semantics: no closed-source code is running on you server if you install this app.
[12:44:42] <Aleks (he/him/il/lui)> "the anti-capitalist license is not free, therefore it must be proprietary, anti-capitalists support fascism, told you, extremes join each-other !"
[12:44:49] <marcus> > <@Alekswag:matrix.org> on a more serious tone : we discussed ZeroTier inclusion in the past, among with a couple other apps which have custom licenses. ZeroTier in particular is using the BSL, but because it's open source anyway, and because it doesn't really conflict with the "spirit" of free software (= not the purist one), we elected that it's okay to include it as not-totally-free with a warning. You call this proprietary, we call this not-totally-free. Not agreeing on the semantics, for stuff we already explained.

I'm not the one who decided that Zerotier is proprietary; even its developers don't claim that it's a free tool. It seems you're making up your own truth.
[12:45:25] <marcus> Aleks (he/him/il/lui): In any case, these applications are not in the spirit of free software, despite what you claim, and many users would disagree with you. That's why the best compromise would be to integrate a filter for these applications.
[12:45:52] <Aleks (he/him/il/lui)> we're totally making up our own truth, because see, the concepts of "proprietary" and "free" are not trademarked, they are sort of free-software themselves, we can fork their definitions, etc
[12:46:52] <Aleks (he/him/il/lui)> sounds like you proprietarized the very concept of free software ¯\\\_(ツ)\_/¯
[12:47:08] <marcus> > <@Alekswag:matrix.org> we're totally making up our own truth, because see, the concepts of "proprietary" and "free" are not trademarked, they are sort of free-software themselves, we can fork their definitions, etc

But this is not the case for some applications, hence the warning messages!
[12:50:26] <lapineige> Then if you like to improve the "things you may not like" warnings and possibly a good, pertinent filter based on it, that can be discussed - but not in a support channel, it's a feature request.
If what you would like is to force Yunohost devs to implement of filter based on your criterias of what is good software and what is no, then I'm happy no one is wasting time on such a filter as you already have a warning that allow you to make your own choices - and I would ask to stop flooding the channel, please.
*A support channel is not made for infinite debates about what define free software and so on, and this consumes a lot of volunteers energy and time while not fulfilling the purpose of a *support* channel*
[12:50:33] <lapineige> Then if you like to improve the "things you may not like" warnings and possibly a good, pertinent filter based on it, that can be discussed - but not in a support channel, it's a feature request.
If what you would like is to force Yunohost devs to implement of filter based on your criterias of what is good software and what is no, then I'm happy no one is wasting time on such a filter as you already have a warning that allow you to make your own choices - and I would ask to stop flooding the channel, please.
_A support channel is not made for infinite debates about what defines free software and so on, and this consumes a lot of volunteers energy and time while not fulfilling the purpose of a _support_ channel_
[12:51:53] <marcus> > Then if you like to improve the "things you may not like" warnings and possibly a good, pertinent filter based on it, that can be discussed - but not in a support channel, it's a feature request.
> If what you would like is to force Yunohost devs to implement of filter based on your criterias of what is good software and what is no, then I'm happy no one is wasting time on such a filter as you already have a warning that allow you to make your own choices - and I would ask to stop flooding the channel, please.
> _A support channel is not made for infinite debates about what defines free software and so on, and this consumes a lot of volunteers energy and time while not fulfilling the purpose of a _support_ channel_

It's not at all based on my personal criteria, they're general and very important criteria that you tend to put in second place. If yunohost can only contain free applications, then it must be possible to fit applications that are not free!
[12:53:18] <nalla22> Je suis d'accord avec ce principe :)
[12:53:21] <lapineige> > It's not at all based on my personal criteria, they're general and very important criteria

Based on… ?
And guess what: Yunohost team made decisions, based on *their* view of what to do and not to do.
[12:53:38] <Aleks (he/him/il/lui)> and you can filter applications that are "not free" (according to your defintion) by
- opening the app's page in the catalog
- choosing wether or not it fits your criteria

we've discussed everything there is to be discussed, as explained by lapineige, the support room is not the place for this, we will start to consider banning people if the conversation goes on
[12:54:31] <lapineige> > If yunohost can only contain free applications, then it must be possible to fit applications that are not free!

Is there a typo, me getting too tired or does this contradicts itselfs ?
[12:54:47] <Aleks (he/him/il/lui)> (probably s/fit/filter)
[12:55:06] <marcus> > <@Alekswag:matrix.org> and you can filter applications that are "not free" (according to your defintion) by
> - opening the app's page in the catalog
> - choosing wether or not it fits your criteria
>
> we've discussed everything there is to be discussed, as explained by lapineige, the support room is not the place for this, we will start to consider banning people if the conversation goes on

You make up your own definitions, it's easy to check whether a tool is free or not
[12:55:38] <Aleks (he/him/il/lui)> we've explained the rationale behind the design before
[12:56:08] <lapineige> > <@marcus78:matrix.org> You make up your own definitions, it's easy to check whether a tool is free or not

We are really going rounds…
[12:56:14] <Aleks (he/him/il/lui)> you disagree with it, fine, now this is the support room
[12:57:10] <marcus> You're even contradicting yourself when it comes to warning messages on applications! ^^
[12:57:23] <lapineige> If you say so 🙂
[12:57:25] <marcus> Well, I don't have time for this anymore. Bye!
[12:57:28] <Aleks (he/him/il/lui)> yes we do, we like designing stuff in a shitty way
[12:57:47] <lapineige> > <@marcus78:matrix.org> Well, I don't have time for this anymore. Bye!

Thanks for eating 1h of volunteer time
[15:10:40] <barking bandicoot> It would appear I have a double NAT issue blocking ports for email. Is it possible to change the email ports to something else that are not blocked??
[15:22:24] <Aleks (he/him/il/lui)> if you mean the outgoing port, then nope, what defines the outgoing port (= 25) is that basically every mail server on the internet supports / expect port 25 ... sure there are probably some random RFC to specificy a new port, but de-facto not every mail server on the internet supports the "should-be-the-new-standard-port"
[15:22:52] <Aleks (he/him/il/lui)> though i don't know what fraction nowadays, maybe only 5% of servers only support port 25, no idea
[15:23:18] <Aleks (he/him/il/lui)> welcome to the wonderful world of "technological legacy hell"
[15:28:32] <barking bandicoot> Ok, thanks.
[15:31:48] <barking bandicoot> https://aria.im/_matrix/media/v1/download/matrix.org/qBXbGNjqvFFXEJHjbKyUBhjv
[15:33:02] <barking bandicoot> I wonder if I plug an openwrt router that I have into the primary router as a bridge if that would work?
[15:40:17] <Aleks (he/him/il/lui)> no idea, everything depends on the exact network topology
[15:41:12] <Aleks (he/him/il/lui)> but if your FAI blocks port 25, adding a router aint randomly going to fix the issue, you'd need to use a VPN to make it so "as if" you were connected from somwhere else
[15:41:28] <Aleks (he/him/il/lui)> s/FAI/ISP*
[15:47:48] <barking bandicoot> Ok, that could work! Openwrt has settings for VPN. Hopefully I still have 1 slot left with Mullvad!
[18:44:43] <ctarx> HI, I'm having trouble with the DynDNS update, and the 'yunohost dyndns update --force' command is giving me an error. Is there anything more I can do? (log https://paste.yunohost.org/raw/obirunarij)
[21:05:31] <mavric34> I found pyload as an application for downloading files via URL in yunohost, but there is another application "AriaNg" much more powerful and easy to use, it is under free license and coded only in html and javascript (so very easy to install) https://ariang.mayswind.net/
[21:05:43] <mavric34> https://aria.im/_matrix/media/v1/download/matrix.org/vsuDRdRuJzTVzqEAPtKDWkDg
[21:06:03] <mavric34> There's also a demo version on the application's website. I think it's much easier to maintain than Pyload!
[21:07:40] <Aleks (he/him/il/lui)> cf https://yunohost.org/en/apps_wishlist
[21:16:03] <Aleks (he/him/il/lui)> sharing a random app at some random hour on the support room is not more useful, people will just have forgotten about it tomorrow
[21:16:03] <Aleks (he/him/il/lui)> few applications on this list are integrated ? maybe you should look harder ...
[21:16:03] <mavric34> Sorry but I know that the wishlist is useless because few applications on this list are integrated, that's why I share here some applications that I find very interesting for yunohost!
[21:16:04] <mavric34> The two applications I've already shared were both integrated into the same evening (stash, gameyfin) by eric_Gwhom I'd like to thank.
[21:16:05] <eric_G> mavric34: this is not true...
[21:16:05] <eric_G> after being integrated into the catalog, application names are removed from the wishlist
[21:17:51] <Aleks (he/him/il/lui)> we had the energy vampire that wanted lets encrypt on IP, we had the energy vampire who wanted a filter for proprietary apps, and now we have the energy vampire explaining us which app the project should be packaging and how to best handle our wishlist
[21:17:52] <Aleks (he/him/il/lui)> what a day
[21:18:45] <mavric34> > <@ericg:matrix.org> after being integrated into the catalog, application names are removed from the wishlist

I know, but if I'd put stash and gameyfin on the wishlist, they still wouldn't be in the catalog right now.
[21:19:12] <mavric34> When I find an application that's really interesting and easy to use, I share it here from time to time, but I wouldn't put them on the wishlist
[21:19:42] <Aleks (he/him/il/lui)> this is the support room mavric34, not the "I'm gonna ask for feature/apps and debate the processes of the project"-room
[21:20:33] <Aleks (he/him/il/lui)> proposing apps that you'd like to be packaged happens via the wishlist, period
[21:21:39] <mavric34> > <@Alekswag:matrix.org> we had the energy vampire that wanted lets encrypt on IP, we had the energy vampire who wanted a filter for proprietary apps, and now we have the energy vampire explaining us which app the project should be packaging and how to best handle our wishlist

I only shared an application I found interesting, I didn't ask for anything special. You create problems every time, I didn't ask you for anything!
[21:25:26] <Aleks (he/him/il/lui)> 1) You shared your app in this room, 2) i politely redirect you to the appropriate place which is the wishlist, 3) you reply that you ain't gonna add it to the wishlist being all like "the wishlist is useless and apps in the wishlist don't get packaged" (like, yeah, sure, that shows how aware you are about the project), 4) I insist saying that your app is just going to fall into oblivion, 5) yet you continue to debate as if you know better
[21:26:51] <Aleks (he/him/il/lui)> i'm both moderator of this room to make sure it's stays on topic, which is asking for support and discussing fixes etc, which turns out was not exactly the primary types of discussion we had today ; and a maintainer of the project, so I can certainly orient people toward what is supposed to be the best practice for stuff such as "proposing an app to be packaged"
[21:30:53] <mavric34> > <@Alekswag:matrix.org> 1) You shared your app in this room, 2) i politely redirect you to the appropriate place which is the wishlist, 3) you reply that you ain't gonna add it to the wishlist being all like "the wishlist is useless and apps in the wishlist don't get packaged" (like, yeah, sure, that shows how aware you are about the project), 4) I insist saying that your app is just going to fall into oblivion, 5) yet you continue to debate as if you know better

It doesn't matter if this app falls into oblivion, it won't keep me awake at night! I shared this app mainly because it's easier to maintain than pyload!
[21:31:20] <mavric34> > <@Alekswag:matrix.org> i'm both moderator of this room to make sure it's stays on topic, which is asking for support and discussing fixes etc, which turns out was not exactly the primary types of discussion we had today ; and a maintainer of the project, so I can certainly orient people toward what is supposed to be the best practice for stuff such as "proposing an app to be packaged"

But why didn't you tell me this when I shared the "stash" and "gameyfin" apps, which were both integrated in the same evening?
[21:31:59] <mavric34> In that case I won't be sharing any more apps here, and of course I won't be using the wishlist!
[21:34:58] <Aleks (he/him/il/lui)> because there's a tolerance about this because we are not crazy nazies that are going to point people's off-topic every time this happens, but considering that today we had already 2 epic huge topics and everybody lost hundreds of mental sanity points, maybe it's about time that we stick to the function of this room which is asking for support, not asking for features and debating the project's processes and acting as if this entire chat is a YunoHost version of Chat GPT packaging anything that you throw at it
[21:35:25] <lapineige> > <@Alekswag:matrix.org> sharing a random app at some random hour on the support room is not more useful, people will just have forgotten about it tomorrow

Worse than that : it's very hard to keep up with the load of messages here, the lack of easy history and so on.
At that game, you would have more luck searching for volunteers in the forum 😉
[21:36:49] <lapineige> > <@mavric34:matrix.org> When I find an application that's really interesting and easy to use, I share it here from time to time, but I wouldn't put them on the wishlist

The wishlist is made for a reason, if you're asking for someone to integrate an app, it's made for this
[21:36:55] <selfhoster1312> wow intense les discussions aujourd'hui, plein de datalove pour vous <3
[21:37:36] <lapineige> > <@mavric34:matrix.org> I only shared an application I found interesting, I didn't ask for anything special. You create problems every time, I didn't ask you for anything!

> that's why I share here some applications that I find very interesting for yunohost!

Then interesting for what in Yunohost, if it's not to be integrated ?
[21:40:47] <lapineige> > <@mavric34:matrix.org> It doesn't matter if this app falls into oblivion, it won't keep me awake at night! I shared this app mainly because it's easier to maintain than pyload!

Easier to maintain… outside of Yunohost then ?
Recommending nice-to-have software for adminsys-like people willing to install them by themself is cool, but that's out of scope for Yunohost. In particular in a support room.
You might create a topic for this in the forum, for my part I don't see any problem, it's good to have references for such possibilities.
But this is not the place, and might result in flooding
[21:46:55] <lapineige> (That said, we're probably a bit harsh in the discussion because of the 2 infinite flooding discussions of the day - sorry about that. What I simply want to say it that is not the right place for sharing this, it would be best to keep it in another place to reduce the flooding here as it's already very time-consuming to follow the support channel, trying to help people)
[22:22:51] <ljf> > <@Alekswag:matrix.org> ne pas faire appel à un DNS externe ... hmmm ... si seulement il existait un mécanisme pour faire littéralement exactement ça

nalla22: je t'encourage à explorer quand même le dnsmasq de YunoHost qui peut permettre de fonctionner en résolveur DNS (avec une petite modif de configuration si tu utilises pas hotspot_ynh). ce résolveur peut tout à fait résoudre des domaines qui ne se terminent pas en .local sur ton réseau local (et d'ailleurs ces domaines peuvent même ne pas être enregistrés si tu n'a spas besoin de let's encrypt).
[22:23:12] <ljf> test
[22:24:20] <lapineige> (wow, ljf qui a le courage de toute remonter, chapeau ^^)
[22:24:55] <ljf> (en fait c'était un bug d'element ou matrix ^^)
[22:27:21] <ljf> nalla22: bon et puisque j'y suis maintenant, je plussoie qu'ouvrir le port interne d'une app sur l'extérieur est une très mauvaise idée, c'est un peu moins craignos sur un réseau local, mais si tu en ai à avoir peur de mitm dans ton réseau local, surtout n'ouvres pas le port interne...
[22:35:33] <nalla22> > <@ljf:sans-nuage.fr> nalla22: bon et puisque j'y suis maintenant, je plussoie qu'ouvrir le port interne d'une app sur l'extérieur est une très mauvaise idée, c'est un peu moins craignos sur un réseau local, mais si tu en ai à avoir peur de mitm dans ton réseau local, surtout n'ouvres pas le port interne...

Malheureusement pas le choix si je veux faire fonctionner les applications entre elles en local sans utiliser de nom de domaine public...
[22:44:38] <nalla22> > <@ljf:sans-nuage.fr> nalla22: je t'encourage à explorer quand même le dnsmasq de YunoHost qui peut permettre de fonctionner en résolveur DNS (avec une petite modif de configuration si tu utilises pas hotspot_ynh). ce résolveur peut tout à fait résoudre des domaines qui ne se terminent pas en .local sur ton réseau local (et d'ailleurs ces domaines peuvent même ne pas être enregistrés si tu n'a spas besoin de let's encrypt).

C'est intéressant, il faudrait que j'y jette un coup d’œil une fois que j'aurai terminer la configuration de ce serveur (car ça m'a déjà occupé un bon moment cette histoire de HTTPS)
[22:45:15] <nalla22> J'ai déjà essayé des scripts comme celui-ci https://github.com/antelle/generate-ip-cert mais ça n'a rien donné pour le moment car nginx ne prend pas en compte le fichier default dans sites-available avec l'installation yunohost
[22:45:32] <nalla22> https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754
[22:48:34] <lapineige> > <@ljf:sans-nuage.fr> nalla22: bon et puisque j'y suis maintenant, je plussoie qu'ouvrir le port interne d'une app sur l'extérieur est une très mauvaise idée, c'est un peu moins craignos sur un réseau local, mais si tu en ai à avoir peur de mitm dans ton réseau local, surtout n'ouvres pas le port interne...

question naïve, c'est quoi les risques (en résumé) à faire cela ?
[22:52:45] <Aleks (he/him/il/lui)> non mais en fait c'est bon, on a déjà fait 5 fois le tour de la discussion, on a expliqué quelles solutions techniques mettre en oeuvre pour résoudre le problème, nalla22 n'a visiblement pas voulu les mettre en oeuvre en dégainant des arguments qui ne tiennent pas debout, maintenant ici c'est la room support, c'est pas la room "faisons un cours d'adminsys à des gens avec leur turbo-edge-case complètement hors-scope du projet qui ensuite nous expliquent qu'ils savent mieux que nous", à un moment c'est bon quoi
[22:53:56] <nalla22> > <@Alekswag:matrix.org> non mais en fait c'est bon, on a déjà fait 5 fois le tour de la discussion, on a expliqué quelles solutions techniques mettre en oeuvre pour résoudre le problème, nalla22 n'a visiblement pas voulu les mettre en oeuvre en dégainant des arguments qui ne tiennent pas debout, maintenant ici c'est la room support, c'est pas la room "faisons un cours d'adminsys à des gens avec leur turbo-edge-case complètement hors-scope du projet qui ensuite nous expliquent qu'ils savent mieux que nous", à un moment c'est bon quoi

Je commence à croire que vous êtes vraiment une mauvaise personne !
Je n'ai pas le droit de répondre aux membres qui s'adresse à moi maintenant ?
[22:54:15] <lapineige> (je crois qu'il est tard 😅)
[22:54:26] <Aleks (he/him/il/lui)> non, juste on arrête avec cette discussion qui tourne en rond et mène à rien
[22:55:54] <nalla22> Vous devez vraiment vous calmer car votre comportement n'est pas normal. Vous avez des soucis pour discuter avec les gens. Bonne soirée !
[22:56:03] <Aleks (he/him/il/lui)> voila.
[22:56:05] <lapineige> Et peut-être que ça vaut le coup de déporter une éventuelle recherche de solution dans un sujet sur le forum ?
[22:56:46] <Aleks (he/him/il/lui)> ou alors peut-être que ça vaut le coup de juste arrêter de parler de ça et de se recentrer sur l'objectif de la room, aka le support de YunoHost
[22:57:20] <lapineige> mon point c'est que si la discussion doit (encore) avoir lieu, c'est plutôt ailleurs qu'ici
[22:58:11] <lapineige> (sur ce, je crois qu'il est trop tard pour pas mal de monde sur ce fuseau horaire, ici c'est l'heure du repos 🙂)