NebLem

Hopefully more projects take advantage of vulnerability scanning and monitoring tools like those in this OWASP list https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools, have good code quality standards to make their projects easier to understand and evaluate, contribute and respond to CVE reports, and get third party security auditing.

All of that is hard to motivated those throwing their code out to the world only to share how they scratched their itch to perform. I think we need a combination of governments and non-profits providing incentives / grants to projects doing good practices, document and provide trusted a forum to validate vulnerabilities, give some backing to “trusted” frameworks, and provide some vulnerability and auditing themselves.

The recent EU push into more government open source usage will help as they will be more incentivized to secure the pipelines and everyone will benefit the fruits of that firehose of funding.

Hopefully things like PineTime, Bangle.js, and the return of Pebble can shake up the market. There’s always neat DIY hacks like the SensorWatch too that can still make the space fun even if the major players get enshittified.

Commercial Windows licenses aren’t typically covered by the equipment installers (or if they are, the cost is passed on to you instead of subsidizing it), have expiration dates, and you’ll want security updates.

I think the comment had the implication that the system would be running on Windows if not Ubuntu.

In addition to Joplin, Logseq is really great too, though with more of a text-first, outline based, zettle approach.

Ready Player One