-
@ 57d1a264:69f1fee1
2025-02-14 05:45:37
### a practical intro to contributing to FOSS for product people, and other non-devs
So you want to contribute to FOSS, but don’t know where to start. There are many paths to FOSS, but you must find your own. Here’s some advice based on personal experience to help you get started.
### 0\. Find your motivation
FOSS requires a lot of giving, and better aligns with those that are missionaries, as opposed to the mercenaries. Perhaps you are unfulfilled in your fiat job, maybe you are currently unemployed, or perhaps you are excited about a particular bitcoin project. Why you’re exploring contributing to FOSS, is a question that only you can answer.
 Are you a missionary?
### 1\. Discover what excites you
So you’ve found motivation and have a list of various FOSS projects you could contribute to. This is the equivalent of the “I need a job” stage and you’re figuring out where to apply. It’s time to narrow it down.
What are you excited about? A multi-year pilgrimage of learning how to contribute to Bitcoin Core? A lightning wallet, perhaps? Free speech Nostr? A hardware signing device? Or maybe finding a FOSS projects that is not “Bitcoin” in name, but happens to support Bitcoin, and Lightning.
A great first step is to take some time and explore the Bitcoin Design Community ([https://bitcoin.design/](https://bitcoin.design/)) to discover FOSS projects.
 Are you excited anon?
### 2\. Identify the skills you have or want to develop
Chances are that if you follow the Bitcoin Product Community, you’re skills are in Product Management, Product Marketing, and/or Project Management. But contributing to a bitcoin project requires contributors with skills of many backgrounds such as marketing, documentation, community building, and more.
What’s important to know is that most FOSS teams start with a motivated developer, who then may attract other devs. But many of them may not advertise that they need non-developer help such as a PM.
Therein lies the opportunity for you as an eager bitcoin contributor. See what the needs of a project are and see if you can fill in those gaps with your skills. It may be as simple as coordinating meetings for the team. But doing the “dirty work”, or the work no one else wants to do, is exactly the way you can make an immediate impact to a FOSS project. In fact, this is why members of the Bitcoin Product Community affectionately refer to product managers as “[janitors](https://medium.com/all-things-product-management/product-manager-you-are-664d83ee702e)”!
### 3\. Make a list of projects
Now that you have narrowed down your FOSS search, it is time to start building a list of, and evaluating various FOSS products. Some questions you can ask yourself:
Is the project active? Is it a new project? How many team members are there? How many are devs? Is there already a PM? Is there a need for multiple PMs? Is there designer participation? What is the pace of development? Is there enough development activity for this to satisfy your want to contribute? Is there opportunity for a PM?
Github is the defacto standard for FOSS products. Check the activity. Read up on issues. See who is contributing PRs, and creating issues. Check if there is a Github Project instance.
It’s OK, and best for you to check out out multiple FOSS projects concurrently to see which team is the best fit for both parties.
### 4\. Use the thing(s)!
Another thing you can do to help you choose a project is to use the thing! Download the OS. Run the software. Use it.
As you’re interacting with the product, some things you can ask yourself are:
What do you love about the product? What can be improved? Are there bugs?
Jot down your notes. Take screenshots. Do screen recordings. Document your experience. Create a video onboarding walkthrough, or a feature tutorial. What you are actually doing is documentation and this will be useful for the project, even if you don’t decide to actively contribute.
As you use the thing, take note of how you’re reacting to it. Are you getting more or less excited? Are you more or less confident in contributing to the project?
### 5\. Find out where the team works
Another factor to consider is to figure out where the team works.
By now you have already explored their github to collect your FOSS intelligence. Now check nostr, twitter, telegram, or whatever other comms tools the team might be using. Some teams may have calls, and call recordings. Consider listening in to a recording, and/or joining a call to check the team dynamics.
As you do, assess whether you might be a good culture fit. Also see where there might be some gaps in their workflow that you can help improve.
### 6\. Start small
Once you found a project that interests and excites you enough. It’s time to roll up your sleeves and get involved by starting small.
One easy place to start is to go through the github issues list. Some examples of issues in dev heavy teams are e extremely technical bug reports. For FOSS products with an active user base, there might be “customer” centric feature requests.
Start by logging the bug(s) you found. Examine issues, and fill in the blanks if there are unclearly defined reports & requests.
You don’t have to ask for permission to contribute. That said, evaluate team dynamics and who owns what role so you are not stepping on anyone’s toes. You are there to help.
Also take note of how your help is received. It may take time for you to build up your credibility. Don’t throw in the towel on the first week. Keep finding ways to add value.
### 7\. Show up consistently
Keep contributing in small things day in and day out. As you do so, communicate with the team to ramp up your learning, and also start building rapport, and your reputation. You may not have time or opportunity to contribute full-time. With the state of asynchronous communication tools in 2023, you can flexibly contribute when you have time. An exception to the asynchronous communication may be team meetings.
As you continue to show up consistently, you will build up your FOSS proof-of-work, and reputation. This will show FOSS devs, and contributors that you bring value.
### 8\. Find and meet the “customer”
Find, and interact with the project’s users a.k.a “customers”. What do they care about? What are their pain points? What needs are customers using the product for? Become the “voice of the customer” to the dev heavy team.
Is there a conference where your team is presenting, and customers present? These are invaluable opportunities to observe the customer’s behavior, and also to help answer questions, and troubleshoot on the spot.
### 9\. Increase your involvement
After some time starting small and working on bugs, you may eventually find yourself submitting feature requests. Maybe there is an opportunity to create user flows, or mockups. As you consistently contribute, continue seeking more responsibility.
Maybe you offer to facilitate and lead the next team call. Maybe you try creating a roadmap and backlog from scratch. Maybe you host a product & design thinking session. Maybe you will level up and learn how to check out a dev’s PR in a yet-to-released branch.
No matter what you do, be sure to always bring value to the project.
 Testing an unreleased Damus branch checked out on XCode
### 10\. Prune, Commit, Repeat
Congratulations! By now you’ve been doing a “trial run” with several projects. It’s time to focus and choose one(s) that you can commit to.
As you contribute to the project on an ongoing basis, continuously reevaluate if there is opportunity for you to increase your contributions. If you feel that you’ve maxed that out, it may be time to look for a different FOSS product to contribute to. Perhaps a complementary product to your initial one.
As you embark on this journey, it can be exhilarating at times and in other times thankless. To find a community of peers, and perhaps a mentor check in with the Bitcoin Product Community [Discord](https://discord.gg/Ztvwn8fycA), and introduce yourself. The beauty of open source is people are willing to help FOSS products, and to answer your questions.
[https://youtu.be/ZUgQPR6ecuo](https://youtu.be/ZUgQPR6ecuo)“FOSS is the way” - Rockstar dev, @ Advancing Bitcoin Conference London 2023. The author thanks Rockstar for inspiration, and guidance through my FOSS journey.
As you continue to sweep the FOSS floors with your product [mop](https://medium.com/all-things-product-management/product-manager-you-are-664d83ee702e), remember that you are contributing to the mission that you believe in. You are working in the open, with even less authority than a PM at a company might have, and as a result leveling up. You build up your reputation in FOSS, and you show others your capabilities in the FOSS world (and also prospective employers, and co-founders) by doing.
Hopefully this helps you get started. Reach out to [elsat on nostr](https://njump.me/npub1zafcms4xya5ap9zr7xxr0jlrtrattwlesytn2s42030lzu0dwlzqpd26k5) if you have questions about the FOSS journey, and join the Bitcoin Product Community Discord.
Posted on @YakiHonne by @elsat
Source: https://yakihonne.com/article/nevent1qqswn2mdwcfscsvv8cfc8scmcfpy0urnf0xgh0dxrvav583y85mkryspz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzq96n3hp2vfmf6z2y8uvvxl97xk86kkalnqghx4p25lzl79c76a7yjfa8zs
originally posted at https://stacker.news/items/885573
-
@ 89ccea93:df4e00b7
2025-02-13 17:34:06
**[Original Post](https://expatriotic.me/grapheneos/)**
## Core Philosophy
1. **Privacy ≠ Optional**: Prevents mass data collection by design
2. **Security > Convenience**: Sacrifices "smart" features for exploit resistance
3. **Transparency**: Every line of code [auditable](https://github.com/GrapheneOS)
4. **Device Sanity**: Removes 2M+ lines of Google telemetry code
5. **Proactive Hardening**: Replaces reactive "vulnerability whack-a-mole" with systemic memory safety improvements. 73% of Android CVEs prevented via Scudo++ allocator and Rust integration.
6. **Hardware Paradox**: Uses Google Pixels *because* of their Titan M2 secure enclave (physically separate from main CPU, Verified Boot with user-defined root of trust, Firmware-level MAC randomization (prevents Wi-Fi tracking)).
7. **Support Superiority**: GrapheneOS support for Pixel phones is 2 years longer Google's.
> *"We're eliminating entire vulnerability classes - not just patching holes."*
## **History**
* Born in **2014** as **CopperheadOS**
* **2016**: First Pixel support (Google's hardware + de-Googled OS)
* Rebranded in **2019** after a developer split. Focuses exclusively on Pixel phones.
* **2021**: **Scudo++** with quarantines (NSA-grade exploit mitigation)
* **2023**: Full Rust integration (prevents buffer overflows in core OS)
* **2023**: Controversial lead dev, Daniel Micay, stepped down but remains director
* **2024**: Quantum-resistant encryption prototypes
> *"Our Auditor app detects hardware tampering better than Apple's T2 chip."*
## **Installation**
* **Minimum**: Pixel 4a
* **Recommended**: Pixel 7a (5-year update guarantee)
* **Backup data first**: unlocking bootloader wipes device
### **Beginners: Web Installer**
1. Enable OEM Unlock:
`Settings → About → Tap Build Number 7x → Developer Options → OEM Unlocking`
2. Visit [grapheneos.org/install](https://grapheneos.org/install)
3. Connect phone → Follow prompts (20 minutes)
### **Advanced: CLI install**
* Full CLI guide: [grapheneos.org/install/cli](https://grapheneos.org/install/cli) (8 minutes)
>*"We're proving iPhones aren't the only secure option - just better marketed."*
### **Post-Install Checklist**
[ ] Deny all "convenience" permissions
[ ] Enable Sensors Off toggle
[ ] Install Auditor app
[ ] Sensors Killswitch: `Quick Settings → Toggle Off`
[ ] Network Restrictions:
```markdown
Settings → Network & Internet → Firewall
- Enable per-connection MAC randomization
- Block local network discovery
```
[ ] Auditor Validation: Daily automated checks against Google's hardware certs
## Setting up
### **Priority Sources**
1. **Accrescent** (Pre-installed)
- Molly (Signal fork)
- Aves Gallery (EXIF stripping)
- AppVerifier (APK validation)
2. **Obtainium** ([GitHub](https://github.com/ImranR98/Obtainium))
```markdown
1. Search "[App] GitHub releases"
2. Copy releases page URL
3. Paste into Obtainium → Auto-updates enabled
```
- *Example*: NewPipe → `https://github.com/TeamNewPipe/NewPipe/releases`
3. **Google Play** (Last Resort)
- Use separate profile
- Burner account: Fake name + **NO phone number**
## FOSS Apps
* Accrescent - Privacy-focused app store
* Aegis - 2FA authenticator
* Amethyst - Nostr decentralized social client
* AndBible - Offline Bible study
* Antennapod - Podcast manager
* AppVerifier - APK signature validation
* Ashigaru - Bitcoin wallet with Ricochet
* Aves Gallery - Gallery with EXIF stripping
* Brave - Anti-fingerprinting browser
* Easy Noise - Offline white noise generator
* Easy Note - Minimalist notes
* Envoy - Bitcoin wallet
* IronFox - Hardened Firefox fork
* KeePassDX - Offline password manager
* Léon - URL tracking stripper
* LocalSend - AirDrop alternative
* Material Files - File manager
* Molly - Signal fork with local encyption
* Monero.com - Official Monero wallet
* NetGuard - No-root firewall
* NewPipe - YouTube client with SponsorBlock
* Nextcloud - Self-hosted cloud suite
* OpenKeychain - PGP encryption
* Organic Maps - Offline navigation
* Orbot - Tor proxy
* Proton Drive - E2E encrypted storage
* Proton Mail - Zero-access email
* RedReader - Privacy-first Reddit client
* Simple Calendar Pro - Telemetry-free calendar
* Telegram FOSS - Decentralized messaging
* Tor Browser - Onion-routed browsing
* Twidere - Twitter/Fediverse client
* Tuta - Encrypted email
* Tuta Calendar - Encrypted calendar
* Vanadium - Hardened Chromium
* Zeus - Bitcoin Lightning node
> _"Your phone is a corporate surveillance device that happens to make calls. GrapheneOS removes the spyware OS while keeping the secure hardware."_
## **Silent.Link eSIM: Anonymous Connectivity**
**No Phone Number Required**
Visit [Silent.Link](https://silent.link) → Select data plus eSIM plan (with NO phone number).
```I've used this successfully in many countries. It even gives me unfettered and free internet in China. Be sure to pick the telecom company based on what they charge per GB of data. The difference can be 100x!```
## Support the Project:
- **Donate**: [grapheneos.org/donate](https://grapheneos.org/donate)
- **Community**: [grapheneos.org/contact](https://grapheneos.org/contact)
>*"GrapheneOS isn't about becoming a privacy expert overnight. It's about systematically removing corporate surveillance hooks - one app, one permission, one profile at a time."*
## Moar Halp
* **[Side Of Burritos](https://www.youtube.com/playlist?list=PLHvdaysg3bMyYwJAcxbFUY9YqKKC0Dtrd)**
* **[Hated One interview with GrapheneOS dev Gabe](https://www.youtube.com/watch?v=WkQ_OCzuLNg)**
originally posted at https://stacker.news/items/884965
-
@ e3ba5e1a:5e433365
2025-02-13 06:16:49
My favorite line in any Marvel movie ever is in “Captain America.” After Captain America launches seemingly a hopeless assault on Red Skull’s base and is captured, we get [this line](https://www.youtube.com/shorts/kqsomjpz7ok):
“Arrogance may not be a uniquely American trait, but I must say, you do it better than anyone.”
Yesterday, I came across a comment on the song [Devil Went Down to Georgia](https://youtu.be/ut8UqFlWdDc) that had a very similar feel to it:
America has seemingly always been arrogant, in a uniquely American way. Manifest Destiny, for instance. The rest of the world is aware of this arrogance, and mocks Americans for it. A central point in modern US politics is the deriding of racist, nationalist, supremacist Americans.
That’s not what I see. I see American Arrogance as not only a beautiful statement about what it means to be American. I see it as an ode to the greatness of humanity in its purest form.
For most countries, saying “our nation is the greatest” *is*, in fact, twinged with some level of racism. I still don’t have a problem with it. Every group of people *should* be allowed to feel pride in their accomplishments. The destruction of the human spirit since the end of World War 2, where greatness has become a sin and weakness a virtue, has crushed the ability of people worldwide to strive for excellence.
But I digress. The fears of racism and nationalism at least have a grain of truth when applied to other nations on the planet. But not to America.
That’s because the definition of America, and the prototype of an American, has nothing to do with race. The definition of Americanism is *freedom*. The founding of America is based purely on liberty. On the God-given rights of every person to live life the way they see fit.
American Arrogance is not a statement of racial superiority. It’s barely a statement of national superiority (though it absolutely is). To me, when an American comments on the greatness of America, it’s a statement about freedom. Freedom will always unlock the greatness inherent in any group of people. Americans are *definitionally* better than everyone else, because Americans are freer than everyone else. (Or, at least, that’s how it should be.)
In *Devil Went Down to Georgia*, Johnny is approached by the devil himself. He is challenged to a ridiculously lopsided bet: a golden fiddle versus his immortal soul. He acknowledges the sin in accepting such a proposal. And yet he says, “God, I know you told me not to do this. But I can’t stand the affront to my honor. I am the greatest. The devil has nothing on me. So God, I’m gonna sin, but I’m also gonna win.”
*Libertas magnitudo est*
-
@ 57d1a264:69f1fee1
2025-02-13 00:28:45
This past week, @erik_ and @Sushant have been working on improving the onboarding flow for [Sovran](https://sovranbitcoin.com/) bitcoin wallet. First revision on thee figma file below, would appreciate any feedback.
https://www.figma.com/design/inNLo6AaPMX26D3GumcXGC/UI%2FUX-Audit--Onboarding-User-Flow?node-id=0-1&t=Wl0EVhH5fJgYYSJI-1
If you want to review the UX audit of the current flow, see the feedback provided, and check Sushant's initial suggestions, you can do so here:
https://www.figma.com/board/Jfo4nLIKyR6lacokXze4Mv/Sovran-Onboarding-UX-Audit?node-id=0-1&t=gOZyo57zfeqxFXeB-1
originally posted at https://stacker.news/items/884272