
While I agree with you to a large degree, the last thing teens usually do is listen to their parents. It’s not that simple.

See also: 'Euphoria'

> Every copy of the Persona SDK contains a hardcoded AES-256-GCM encryption key in TrackingEventUtilsKt.java line 22

Seems like a pretty big fuck up, if so. I wonder why they did not use asymmetric encryption.


As someone that used to write 2D games with things like Phaser.js, SDL and even DirectX 7, I always regret I never tried Löve2D. I think Android and iOS packaging was also supported. Is this still the case? What if one wants to integrate IAP?

Pretty sure there is still app packaging documented somewhere. There is also, at least for Android, an official Löve2D Launcher app that can open any love-file saved to the phone and execute it. I use that all the time.

The Launcher is also available for old Android versions, which means that old, obsolete Android devices (I have some tablets and phones) can still be used for whatever GUI it might be fun to write for a spare touchscreen device.


Well done. I enjoyed it and also found it interesting that the JS was under 100k and served with br encoding. I'm using gzip by default everywhere, but maybe I should take a look at br for text-based content.

Do we have stats on how many Germans use something other than Google Android, Samsung Knox or Apple? I reckon it should be less than 1%, which quite honestly is in fact „all“ citizens.

Sure, let's just arbitrarily exclude ~1 million people because they're not running the government's preferred American spyware.

This is a very, VERY stereotypical Tech Product Manager viewpoint: "N% of users are hard to support edge cases, so we should exclude them." You see this justification everywhere in business. "We'll drop support for [old OS] once it gets to 1% of our user base." "Only 1% of our users have non-Latin characters in their usernames so it's OK to not support that." "1% of our users are on 3G or slower Internet connections, so we don't have to consider them in our performance metrics."

It's a pragmatic, profit-oriented point of view, but not one that makes sense when your mission is to be inclusive of everyone.


This is an unfair, straw man argument, is it not? Are you also unhappy that in a democracy the 51% choose how the other 49% are going to be governed?

Why device attestation is required is quite well explained by this GitHub comment [0]. I am in the industry and I agree fully with it, because it is in fact a problem for most smartphone users in terms of security.

0 - https://github.com/eu-digital-identity-wallet/eudi-app-andro...


I think your analogy is flawed. I can be part of the losing 49% and still be entitled to receive the same services as the 51%, whereas people who chose a privacy-oriented OS are essentially going to be excluded from essential governmental services. That's a whole different kind of thing.

I'm not going to replace my 1200 EUR smartphone with a device that forces me to have an account with Apple or Google. I've been issued a German identity card, which is its own computer that includes a digital identity already. I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need. They should just stop excluding me already.


> I've been issued a German identity card, which is its own computer that includes a digital identity already.

Then keep using it, instead of the not-mandatory app?

> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.

Sure. In the meantime, do we tell the other few dozen million that don't have an expensive card reader to go fuck themselves, or can we get to work on a solution that, even if not ideal, makes their lives easier?

> They should just stop excluding me already.

They aren't. You said it yourself, your ID is in your pocket.


Government services are going to drop support for the old scheme the minute they start supporting the new one.

Sure, that's why they stopped receiving paper letters for tax declarations once they set up Elster.

Oh, wait, they didn't, my bad. You can still declare your taxes with good old paper. The only people that can't are the self-employed, and that's because they have a different set of obligations with higher demands.


Telecoms shut down 3G once 4G had rolled out. TV networks killed DVB-T after DVB-T2 went live. Banks have abandoned FinTS for app-based 2FA.

Your comment compares a paper-based, non-digital process with a digital one. My criticism, however, is about abandoning an old digital (but vendor-neutral and inclusionary) process in favor of a new (and discriminatory) one.


> privacy-oriented OS

Well, in all seriousness, what examples could you give me here in terms of device hardware attestation? Even GrapheneOS does use Google root certificates to attest your device. There is indeed an option for EUDI to keep a list of keys and I bet this is probably the way they are going to go for Android in the future. We shouldn't forget this is still in the planning phase.

> to have an account with Apple or Google.

True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services. It works entirely using device hardware IDs.

> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.

Nope. This is eID and verifies your identity; it does not attest the security of your hardware. These are two different problems we are talking about here.


> in all seriousness what examples could you give me here in terms of device hardware attestation?

My Librem 5 runs an FSF-endorsed OS and has a smartcard.

> True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services.

This is extremely misleading. Even if true, you must have an account in order to install any app on an iPhone.


> My Librem 5 runs an FSF-endorsed OS and has a smartcard.

Ok, so how does that help with device attestation? If I am an app developer, how does it tell me that your OS has not been tampered with, or actually that my app has not been tampered with? Are there any cryptographic keys stored in a secure place on the device that the Librem vendor can verify?

> This is extremely misleading.

But it's not. It's an architectural difference between how Google and Apple implemented attestation. Apple stores the generated keys in a secure part of your device and certifies them. The rest is your job as an app developer. And as a user, you do not have your iCloud or iTunes account used for device attestation. In contrast, Google and its Play services are an integral part of the attestation workflow.

For Apple it's evident from their docs. As a side note: I do try to learn more about this, because of an incoming project concerning it.

> You can’t rely on your app’s logic to perform security checks on itself because a compromised app can falsify the results. Instead, you use the shared instance of the DCAppAttestService class in your app to create a hardware-based, cryptographic key that uses Apple servers to certify that the key belongs to a valid instance of your app. Then you use the service to cryptographically sign server requests using the certified key. Your app uses these measures to assert its legitimacy with any server requests for sensitive or premium content.

Source: https://developer.apple.com/documentation/devicecheck/establ...


> If I am an app developer how does it tell me that your OS has not been tempered with or actually that my app has not been tempered with?

This is not your business to verify and control what can run on my phone. I can do it with my smart card, which securely stores cryptographic keys.

> And as a user, you do not have your iCloud or iTunes account used for device attestation.

It does not matter. An account is necessary to make the phone usable at all. The attestation is useless on a phone that can't install apps.


> Nope. This is eID and verifies your identity, it does not attest the security of your hardware.

The reader and its firmware are already certified by the federal IT security agency BSI for use with eID and banking. Why shouldn’t I be allowed to use that for whatever digital identity wallet thing the EU is cooking up?


Correct me if I’m wrong please, but this is a mobile Wallet app, an enclave, for government issued documents: Ausweis, Diploma, etc. How does a card reader come into the workflow here? I don’t quite get your point.

Currently, the card reader is the only thing that allows me to do banking and use government services on Linux. If at some point, governmental services decide to drop support for the physical-card-plus-reader systems and move everything to mobile wallets instead (like many banks already did), then I can’t do shit anymore without Apple or Google.

That's a silly argument, not only because many important changes require a 2/3 majority.

My point was that the government and its services (German or otherwise) should be available to all citizens/residents, regardless of their choice (or lack) of mobile device.


If it requires a Google or Apple account, then it also requires those companies never cease an account, either. Or vulnerable people will be harmed.

> Are you also unhappy that in a democracy the 51% choose how the other 49% are going to be governed

Yes, of course. That is one of its fundamental issues.


And backup software should also remove the "restore" option because hardly anyone needs that, right?

Same here, the government shouldn't build a system where two American mega-corporations have the keys to everyone's lives.


There's a big difference between having to run a particular company's OS and being forced to share private data (whether that's merely your DNS requests or your ID documents and full financial history) with said organization.

In fact, „all“ citizens who are willing to be surveilled by Google and Apple; unless the German government provides each citizen with similar eID hardware, there won't be any digital equality any time soon. Maybe they should pay some subsidiary company of IBM (like Red Hat) to do this; they already have such a good track record of storing nationality on their machines /s

https://en.wikipedia.org/wiki/Dehomag#Holocaust


That’s what it does as far as I get it. But less is not always better and I guess it’s also subjective to the promoter.

So it does use ripgrep and not Unix grep. [0] I knew it from some other commenters here on HN, but it's nice to see it in the source as well.

0 - https://github.com/zackautocracy/claude-code/blob/main/src/u...


I just stumbled on a fascinating replacement candidate while clicking around on embedding models on Hugging Face: https://github.com/lightonai/next-plaid/tree/main/colgrep

It looks really interesting.


> The only developers I know who write Java full time work in systems that take pictures of things from far away.

This can’t be a serious comment. I’d say probably half the world's B2B and enterprise runs on Java. Especially in Europe.


Self-hosting. If you really need to push remotely, push to a bare repo on your own cloud VM or set up Gogs or Forgejo.

I now start with local repos first and whatever I deem OSS-useful, I mirror-push from local to GitHub or anywhere else with Forgejo.

GitHub was never really needed to use git for private projects.


I've been thinking about this. If you have any kind of home network with attached storage at all, setting your local Git to just use that seems like a logical step.

And then if you're still paranoid do a daily backup to like Dropbox or something.
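The local-first workflow from the two comments above (a bare repo on your own VM or NAS share as the primary remote, plus a `--mirror` push to a second host), as an added, runnable example that is not from either commenter; the directories under a temp dir are constructed stand-ins for the NAS mount, the VM and the mirror host.

```shell
#!/bin/sh
# Added example: self-hosted bare repo as primary remote, then a full
# mirror push to a second bare repo. All paths are constructed for the demo.
set -eu

# Identity via environment so the demo needs no global git config.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

WORK=$(mktemp -d)                 # scratch area for everything below
NAS="$WORK/nas/project.git"       # stands in for /mnt/nas/... or ssh://vm/srv/git/project.git
MIRROR="$WORK/mirror/project.git" # stands in for GitHub / a Forgejo instance
WT="$WORK/project"                # the local working tree

# 1. The self-hosted remote is just a bare repo on storage you control.
git init -q --bare "$NAS"
git init -q --bare "$MIRROR"

# 2. Local first: commit locally, then add the self-hosted remote and push.
git init -q "$WT"
echo "hello" > "$WT/README"
git -C "$WT" add README
git -C "$WT" commit -q -m "initial"
git -C "$WT" remote add origin "$NAS"
git -C "$WT" push -q origin HEAD

# 3. Mirror push: --mirror sends every ref (branches, tags), not just HEAD,
#    so the second host holds a complete copy that can stand in for the first.
git -C "$WT" tag v0.1
git -C "$WT" remote add mirror "$MIRROR"
git -C "$WT" push -q --mirror mirror

# Helpers used to check the result: does a ref exist in a repo, and what
# commit does a ref resolve to? Both return git's own exit status.
has_ref() { git -C "$1" show-ref --verify --quiet "$2"; }
ref_commit() { git -C "$1" rev-parse --verify "$2"; }

BRANCH=$(git -C "$WT" rev-parse --abbrev-ref HEAD)
has_ref "$NAS" "refs/heads/$BRANCH"      # primary remote has the branch
has_ref "$MIRROR" "refs/heads/$BRANCH"   # mirror has the branch ...
has_ref "$MIRROR" refs/tags/v0.1         # ... and the tag, thanks to --mirror
```

Replacing `$NAS` with an `ssh://` URL to a VM (or a path on a mounted share) is the only change needed for real use; a cron entry running the `push --mirror` line gives the daily backup the second comment mentions.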


It's nuanced. Spotify is a giant, I think the example you're looking for here is Soundcloud. They almost went bust, but managed to get the ads business right and seem to be afloat now. So I think you're right in that sense, but also wrong in the sense that if I'm building a desktop app or tooling software, my business is probably much easier to get replicated and displaced.

