Community beehaw.org

Is crate fnmatch-regex2 a scam?

https://crates.io/search?q=fnmatch

https://crates.io/crates/fnmatch-regex at version v0.2.1, repository: https://gitlab.com/ppentchev/fnmatch-regex-rs

https://crates.io/crates/fnmatch-regex2 at version v0.4.0, repository: https://gitlab.com/brmmm3/fnmatch-regex2-rs (DO NOT SIGN IN, UNTIL WE KNOW IT’S SAFE)

I was looking through some crates and noticed there is “fnmatch-regex2”, just below “fnmatch-regex”. The second one is newer; 4 months ago updated, compared to the original 12 months ago updated. And it has more recent downloads and a “higher version number”. My first thought was, this either adds new functionality, or the old one is abandoned maybe? Looking in readme and documentation, I could not find anything that describes the differences. Looking at the source code on Gitlab, the first crate just shows it normally to me, but the second wants me to log in. My alarm bells go on. Even the changelog for both are identical at version 0.2.1 (the original crate 1) without any word about changes, but the crate repository shows it should be at version v0.4.0.

I would like to know what you guys think about it. I can’t even audit the code right now, even if it’s the same Gitlab instance on gitlab.com. Should this be reported? Or am I just paranoid?

EDIT: After asking in Discord, someone said I can view the source code in Docs.rs: https://docs.rs/crate/fnmatch-regex2/0.4.0/source/ . This is much better, but I am still cautious. I still don’t know what the actual changes are and would need to dive into the code and compare to find out. Which is not really something I expect to do from a trustful library.

Community lemmy.dbzer0.com

Should I still use YTS and 1337x?

In the case of 1337x.to, the megathread lists 1377x.to as the fake replica of it. In terms of quality, 1337x.to is one of the best public torrent indexers. While I personally prefer not to use YTS releases due to their low quality, and can’t seem to find a legitimate YTS link that yts.mx would be the replica of, as long as you’re downloading via Prowlarr rather than going to the website itself, the only risk is the trustworthiness of the releases, rather than the possibility of ads or otherwise unwanted links on the website itself.

Community lemmy.ml

Gorbachev............

Let’s just look at actual academic studies on USSR Professor of Economic History, Robert C. Allen, concludes in his study without the 1917 revolution is directly responsible for rapid growth that made the achievements listed above possible: https://web.archive.org/web/20200119044114/https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.507.8966&rep=rep1&type=pdf Study demonstrating the steady increase in quality of life during the Soviet period (including under Stalin). Includes the fact that Soviet life expectancy grew faster than any other nation recorded at the time: https://www.jstor.org/stable/2672986?seq=1 A large study using world bank data analyzing the quality of life in Capitalist vs Socialist countries and finds overwhelmingly at similar levels of development with socialism bringing better quality of life: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1646771/pdf/amjph00269-0055.pdf This study compared capitalist and socialist countries in measures of the physical quality of life (PQL), taking into account the level of economic development. https://pubmed.ncbi.nlm.nih.gov/2430906/ This study shows that unprecedented mortality crisis struck Eastern Europe during the 1990s, causing around 7 million excess deaths. The first quantitative analysis of the association between deindustrialization and mortality in Eastern Europe. https://academic.oup.com/cje/advance-article/doi/10.1093/cje/beac072/7081084?guestAccessKey=01c8dd9f-af1c-48b3-b271-eb5d3a45017c&login=false Romania, the industrialization of an agrarian economy under socialist planning https://documents1.worldbank.org/curated/en/888851468333915517/pdf/multi0page.pdf Then, we can look at how do people who lived under communism feel now that they got a taste of capitalism? A remarkable 72% of Hungarians say that most people in their country are actually worse off today economically than they were under communism. Only 8% say most people in Hungary are better off, and 16% say things are about the same. 
In no other Central or Eastern European country surveyed did so many believe that economic life is worse now than during the communist era. This is the result of almost universal displeasure with the economy. Fully 94% describe the country’s economy as bad, the highest level of economic discontent in the hard hit region of Central and Eastern Europe. Just 46% of Hungarians approve of their country’s switch from a state-controlled economy to a market economy; 42% disapprove of the move away from communism. The public is even more negative toward Hungary’s integration into Europe; 71% say their country has been weakened by the process. The most incredible result was registered in a July 2010 IRES (Romanian Institute for Evaluation and Strategy) poll, according to which 41% of the respondents would have voted for Ceausescu, had he run for the position of president. And 63% of the survey participants said their life was better during communism, while only 23% attested that their life was worse then. Some 68% declared that communism was a good idea, just one that had been poorly applied. Glorification of the German Democratic Republic is on the rise two decades after the Berlin Wall fell. Young people and the better off are among those rebuffing criticism of East Germany as an “illegitimate state.” In a new poll, more than half of former eastern Germans defend the GDR. A poll shows that as many as 81 per cent of Serbians believe they lived best in the former Yugoslavia -“during the time of socialism”. The survey focused on the respondents’ views on the transition “from socialism to capitalism”, and a clear majority said they trusted social institutions the most during the rule of Yugoslav communist president Josip Broz Tito. The standard of living during Tito’s rule from the Second World War to the 1980s was also assessed as best, whereas the Milosevic decade of the 1990s, and the subsequent decade since the fall of his regime are seen as “more or less the same”. 
45 percent said they trusted social institutions most under communism with 23 percent choosing the 2001-2003 period when Zoran Djinđic was prime minister. Only 19 per cent selected present-day institutions. 75% of Russians have expressed increasingly positive opinions about the Soviet Union over the years. Only a small portion of those surveyed said they had negative associations with the Soviet Union. The economic deficit, long lines and coupons were named by 4% of respondents each, while the Iron Curtain, economic stagnation and political repressions were named by 1% each, the Levada Center said. Adult mortality increased enormously in Russia and other countries of the former Soviet Union when the Soviet system collapsed 30 years ago. https://archive.ph/9Z12u Former Soviet Countries See More Harm From Breakup https://news.gallup.com/poll/166538/former-soviet-countries-harm-breakup.aspx

Community mander.xyz

Control light without 3rd party app

Hi all. I recently bought a Philips hue smart plug to control a lamp. I quite quickly realized that it was more complex than I thought. Not only did I need to install the DIYHue add-on to simulate a Hue bridge, I also needed to download the Philips Hue app, or some 3rd party app called Hue essentials, to connect the smart plug (via the DIYHue bridge add-on?) to the home assistant? I don’t want to install any app from Philips. Also it didn’t work. Isn’t there a way to simply control a bulb or plug from the home assistant, running on a Raspberry pi, without having to install any corporate bullshit? Sorry for the swearing. I’m just frustrated that this all turned out to be so complex.

Community feddit.de

Anon watches youtube in 2024

Strange, months-old versions work fine for me, and the update is not too difficult either. On an ARM64 device, you open RVX Manager, check for the recommended YouTube version, download it from APKMirror, optionally check its hash, pick it in RVX Manager, and patch it (takes 2-5 minutes). You can also press the 💾 icon to save the trusted APK you made so you can share it to other devices, including ARMv7 ones.

Community sh.itjust.works

Anyone else starting to favor Flatpak over native packages?

Quite the opposite, after fiddling with it for six months I fully uninstalled flatpak and deleted the directory to get away from the fact it kept downloading copies of nvidia drivers when I had moved to an AMD a year ago, and the drivers were locked from being manually removed even after I uninstalled all flatpak packages. I’m an Arch user, trust me when I say I read the documentation. After wasting hours on it I nuked it.

Community lemmy.ml

Visual Studio Code alternatives for Linux?

I’ve been keeping a list of alternatives for a while now that I really like: Pulsar - An actively developed fork of Atom once Microsoft killed it off. Disclosure: I’m on the Pulsar team so I’m more than a little biased here but if you want to get involved we are always after people who want to contribute and we have a very friendly and active Discord server. First thing we did was re-implement the package backend and migrate it so we were able to keep the thousands and thousands of community packages for download. Lite-XL - A really lightweight and fast editor written in C and Lua that is very actively developed. I use this on some less powerful systems. Lapce - Another lightweight and very fast editor written in Rust and is in the middle of moving to their own UI framework. Not that extensible at the moment but supports LSP plugins. Then for terminal based editors I really like Helix which is vim-like but uses a selection -> action model (like Kakoune). I really like it because it requires almost no configuration.

Community lemmy.ml

downloading non-fdroid apks?

I didn’t add the google tools to my LineageOS install, so I don’t have the play store. Would kind of like Cash App, my bank app, etc, but don’t want to download from a random site for obvious reasons. For instance, cash app is available here. Is there a trustworthy source for these kinds of apks? Or does everyone just use websites/do without.

Community slrpnk.net

Stop using Opera Browser and Opera GX

As somebody whose wife just downloaded opera onto the family computer I am horrified. She’s been complaining that the internet is slow and has blamed it on protonvpn, so has resorted to turning the vpn off when using the internet or discord. I remember after Twin Peaks season 3 came out, showtime was stating left and right how profitable the show was, and then accusations started flying that the show was so profitable because showtime was taking over the browser while people were watching and mining bitcoin in the background without telling people they were doing so. I trust Opera about a thousand times less just because I had never heard of them until a week or two ago.

Community ibbit.at

This Week in Security: ID Breaches, Code Smell, and Poetic Flows

Discord had a data breach back on September 20th, via an outsourced support contractor. It seems it was a Zendesk instance that was accessed for 58 hours through a compromised contractor user account. There have been numbers thrown around from groups claiming to be behind the breach, like 1.6 Terabytes of data downloaded, 5.5 million users affected, and 2.1 million photos of IDs. Discord has pushed back on those numbers, stating that it’s about 70,000 IDs that were leaked, with no comments on the other claims. To their credit, Discord has steadfastly refused to pay any ransom.

There’s an interesting question here: why were Discord users’ government issued IDs on record with their accounts? The answer is fairly simple: legal compliance. Governments around the world are beginning to require age verification from users. This often takes the form of a scan of valid ID, or even taking a picture of the user while holding the ID. There are many arguments about whether this is a good or bad development for the web, but it looks like ID age verification is going to be around for a while, and it’ll make data breaches more serious.

In similar news, Salesforce has announced that they won’t be paying any ransoms to the group behind the compromise of 39 different Salesforce customers. This campaign was performed by calling companies that use the Salesforce platform, and convincing the target to install a malicious app inside their Salesforce instance.

Unity

[RyotaK] from Flatt Security found an issue in the Unity game engine, where an intent could influence the command line arguments used to launch the Unity runtime. So what’s an intent? On Android, an Intent is an object sent between applications indicating an intention. It’s an intra-process messaging scheme. So the problem here is that when sending an intent to a Unity application on Android, a command line option can be included as an extra option. One of those command line options allows loading a local library by name. Since a malicious library load results in arbitrary code execution, this seems like a pretty big problem.

At first it seems that this doesn’t gain an attacker much. Doesn’t a malicious app already need to be running on the device to send a malicious intent? The reality is that it’s often possible to manipulate an innocent app into sending intents, and the browser is no exception. The bigger problem is that a malicious library must first be loaded into a location from which the Unity app can execute. It’s a reasonably narrow window for practical exploitation, but it still scores an 8.4 severity. Unity has released fixes for versions all the way back to 2019.1.

Code Smell: Perl?

We have two stories from WatchTowr, packed full of the sardonic wit we have come to expect from these write-ups. The first is about Dell’s UnityVSA, a Virtual Storage Appliance that recently received a whole slew of security fixes for CVEs. So WatchTowr researchers took a look at the patch set from those fixes, looking for code smell, and found… Perl?

Turns out it wasn’t the presence of Perl that was considered bad code smell, though I’m sure some would argue that point. It was the $exec_cmd variable that wasn’t escaped, and Perl backticks were used to execute that string on the system. Was there a way to inject arbitrary bash commands into that string? Naturally, there is. And it’s a reasonably simple HTTP query to run a command. A security advisory and updated release was published by Dell at the end of July, fixing this issue.

Poetic Flow of Vulnerabilities

There’s an active exploitation campaign being waged against Oracle E-Business Suite instances, using a zero-day vulnerability. This exploit works over the network, without authentication, and allows Remote Code Execution (RCE). It appears that a threat group known as Graceful Spider, another great name, is behind the exploitation.

The folks at WatchTowr got their hands on a Proof of Concept, and have reverse engineered it for our edification. It turns out it’s a chain of little weaknesses that add up to something significant. It starts with a Server-Side Request Forgery (SSRF), a weakness where a remote service can be manipulated into sending an additional HTTP request on to another URL. This is made more significant by the injection of a Carriage Return/Line Feed (CRLF) attack, that allows injecting additional HTTP headers. Another quirk of the PoC is that it uses HTTP keep-alive to send all of the malicious traffic down a single HTTP session.

And the actual authentication bypass is painfully classic. A /help path doesn’t require authentication, and there is no path traversal protection. So the SSRF connection is launched using this /help/…/ pattern, bypassing authentication and landing at a vulnerable .jsp endpoint. That endpoint assembles a URL using the Host: header from the incoming connection, and fetches and parses it as an eXtensible Stylesheet Language (XSL) document. And XSL documents are unsafe to load from untrusted sources, because they can lead directly to code execution. It’s a wild ride, and a great example of how multiple small issues can stack up to be quite significant when put together.

Bits and Bytes

Caesar Creek Software did an audit on a personal medical device and found issues, but because fixes are still being reviewed by the FDA, we don’t get many details on what exactly this is. Reading between the lines, it sounds like a wearable glucose monitor. It’s based on the nRF52 platform, and the best bit of this research may be using power line fault injection to get Single Wire Debug access to the MCU. They also found what appears to be a remote leak of uninitialized memory, and a Bluetooth Low Energy Man in the Middle attack. Interesting stuff.

And finally, [LaurieWired] has a great intro to the problem of trusting trust with a bit of bonus material on how to build and obfuscate quines while at it. How do you know your compiler binary doesn’t have malware in it? And how do you establish trust again? Enjoy!

From Blog – Hackaday via this RSS feed

Community lemmy.dbzer0.com

Premier Pro - ACCEPT TERMS POPUP - (NON-AGS-RELATED)

Hi everyone, I tried to patch Premier Pro but with no success, I’m only posting a post here because the confirmation email link from Stoat (previously Revolt) doesn’t work -> Error 404). And I therefore cannot follow the steps there per previous post on the topic. Here are the steps I did updated CC to latest version Turned off Windows 11 Defender downloaded GenP 3.6.9 (Binary), opened as Admin Patched CC Opened CC, downloaded Premier Closed CC File > Quit CC Opened GenP 3.6.9 as Admin, Searched > Patched > Unpacked > Searched, Patch (Logs below as Logs 1) Opened Premier Pro from the windows search bar, and the TOS message still pops up (weirdly it’s popping in French, but my system is US English (tho I can read French) Realized “Always Search for ACC” was left checked Searched and Patched again -> Logs 2 Agree to Condition message still pops up WinTrust Clicked Toggle WinTrust > Untrust -> Nothing happened Toggle Reg Key > Nothing happened Agree to Condition message still pops up Posting now after having restarted the PC. I will move on to the Hostfiles firewall tmr, as I’m out of time tonight. If you see any mistakes please let me know, I appreciate your help and patience !

Community hexbear.net

Umineko no Naku Koro ni — General Megathread for October 4th & 5th, 2025

Off the coast of Tokyo, along the Izu archipelago, lies a quaint island measuring ten kilometers across—Rokkenjima, private land, sole property of alcoholic curmudgeon Kinzo Ushiromiya. Kinzo has four children, who each in turn have children of their own. Every year, the branch families reconnect on Rokkenjima for a family meeting. Despite the forecasted typhoon, for all intents and purposes, it’s business as usual—save for a returning guest. Kinzo has his foot in the grave. If he had a choice, he’d scatter his fortune to the winds. He doesn’t care to pen a will. There’s just one person he has to see again while he still breathes—the one who haunts Rokkenjima, the Golden Witch, Beatrice. Battler, eighteen, has been estranged from the Ushiromiyas for six years, due to the circumstances surrounding his father Rudolf’s prompt remarriage after widowing. After the death of his maternal grandparents, Battler decides to bury the hatchet and attend the next family reunion. Unbeknownst to him, there may be unburied ones lying in wait. Does Beatrice ‘exist’? Did she grant Kinzo his fortune? What’s with the morbid riddle under her portrait in the hall? Are there really ten tons of gold somewhere on Rokkenjima? Why do the servants keep calling themselves ‘furniture’? Is Battler intelligent? Who needs the most therapy? Is there a correct way to read stories? Does true love only exist in the next world? Is magic real? ~~One could say… it’s a mystery…~~ On October 4th, 1986, Rokkenjima had a population of eighteen. But when the seagulls cried… Umineko no Naku Koro ni (lit. When the Seagulls Cry) is the second serialization under doujin circle 07th Expansion’s When They Cry banner—serialized visual novels penned by Ryukishi07. Besides Umineko, he is also known for Higurashi no Naku Koro ni, the prior entrant in the series, as well as his most recent work, Silent Hill f. 
Serialized after the conclusion of Higurashi, Umineko was written between and released in episodic chunks for each Comiket, from Comiket 72 (August 2007) to Comiket 79 (December 2010). As with Higurashi, Umineko is organized into two blocks of four episodes, respectively localized as Questions and Answers arcs. There are three generally agreed upon ways to best experience Umineko: The official Steam port: Questions Arc, Answers Arc Both entries are 40% off on steam until October 6th. Comes with the Original and MangaGamer sprite sets. With this version, it is recommended to also install 07th-Mod, which adds voice acting (Japanese), PS3 sprites/backgrounds as additional visual options, and general QoL. The fan port of the PS3 release: Umineko Project This has the PS3 sprites (only) and voice acting built in, as well as animations that are not present in 07th-Mod. ~~the password is 035646750436634546568555050~~ The manga adaptation, which you can find online at various Sites[^1] If you can stomach long VNs, I’d recommend the VN. If not, the manga is generally regarded to be the next best way to experience the story. My personal recommendation is to use Umineko Project ~~(since you can get it for free with just some setup)~~—though, if you want to read with the Original/MangaGamer sprites, MangaGamer CGs, and/or Original backgrounds, use the Steam release. 
::: spoiler Spriteset comparison (open dropdown) :::

Links: 🐻 Link to all Hexbear comms 📀 Come listen to music and watch movies with your fellow Hexbears in Cy.tube 🔥 Read and talk about current topics in the News Megathread ⚔ Come talk in the New Weekly PoC thread 🏳️‍⚧️ Talk with fellow Trans comrades in the New Weekly Trans thread 👊 New Weekly Improvement thread 🧡 Disabled comm megathread ☕ Parenting Chat 🐉 Anime & Manga discussion thread

Reminders: 💚 You can join specific comms to see posts about all sorts of topics 💙 Hexbear’s algorithm prioritizes comments over upbears 💜 Sort by new 🐶 Join the unofficial Hexbear-adjacent Mastodon instance, toots.matapacos.dog

Resources: Aid: 🌈 LGBTQ+ Resource Post 🍉 Resources for Palestine 🐌☕ Zapatista Coffee Theory: ❤️Foundations of Leninism ❤️Anarchism and Other Essays

[^1]: not on mangadex, got DMCA’d in the recent sweep. The site I used for my reread was WeebCentral, though be wary and use an adblocker at the very least.

Community ibbit.at

Google Calls ICE Agents a Vulnerable Group, Removes ICE-Spotting App ‘Red Dot’

Both Google and Apple recently removed Red Dot, an app people can use to report sightings of ICE officials, from their respective app stores, 404 Media has found. The move comes after Apple removed ICEBlock, a much more prominent app, from its App Store on Thursday following direct pressure from U.S. Department of Justice officials. Google told 404 Media it removed apps because they shared the location of what it describes as a vulnerable group that recently faced a violent act connected to these sorts of ICE-spotting apps—a veiled reference to ICE officials. The move signals a broader crackdown on apps that are designed to keep communities safe by crowdsourcing the location of ICE officials. Authorities have claimed that Joshua Jahn, the suspected shooter of an ICE facility in September and who killed a detainee, searched his phone for various tracking apps. A long-running immigration support group on the ground in Chicago, where ICE is currently focused, told 404 Media some of its members use Red Dot. 💡Do you know anything else about these apps and their removal? Do you work at Google, Apple, or ICE? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at [email protected]. “Ready to Protect Your Community?” the website for Red Dot reads. “Download Red Dot and help build a stronger protection network.” The site provides links to the app’s page on the Apple App Store and Google Play Store. As of at least Friday, both of those links return errors. “This app is currently not available in your country or region,” says the Apple one, and “We’re sorry, the requested URL was not found on this server,” says the Google one. The app allows people to report ICE presence or activity, along with details such as the location and time, according to Red Dot’s website. The app then notifies nearby community members, and users can receive alerts about ICE activity in their area, the website says. 
Google confirmed to 404 Media that it removed Red Dot. Google said it did not receive any outreach from the Department of Justice about this issue and that it bans apps with a high risk of abuse. Without talking about the shooting at the ICE facility specifically, the company said it removed apps that share the location of what it describes as a vulnerable group after a recent violent act against them connected to this sort of app. Google said apps that have user generated content must also conduct content moderation. Google added in a statement that “ICEBlock was never available on Google Play, but we removed similar apps for violations of our policies.” Google’s Play Store policies say the platform does not allow apps that “promote violence” against “groups based on race or ethnic origin, religion, disability age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization,” but its published policies do not include information about how it defines what types of groups are protected. Red Dot did not respond to a request for comment. On Thursday Apple told 404 Media it removed multiple ICE-spotting apps, but did not name Red Dot. Apple did not respond to another request for comment on Friday. On Thursday Joshua Aaron, the developer of ICEBlock, told 404 Media “I am incredibly disappointed by Apple’s actions today. Capitulating to an authoritarian regime is never the right move,” referring to Apple removing his own app. ICEBlock rose to prominence in June when CNN covered the app. That app was only available on iOS, while Red Dot was available on both iOS and Android. “ICEBlock is no different from crowd sourcing speed traps, which every notable mapping application, including Apple’s own Maps app, implements as part of its core services. 
This is protected speech under the first amendment of the United States Constitution,” Aaron continued. “We are determined to fight this with everything we have. Our mission has always been to protect our neighbors from the terror this administration continues to reign down on the people of this nation. We will not be deterred. We will not stop. #resist.” That move from Apple came after pressure from Department of Justice officials on behalf of Attorney General Pam Bondi, according to Fox. “ICEBlock is designed to put ICE agents at risk just for doing their jobs, and violence against law enforcement is an intolerable red line that cannot be crossed. This Department of Justice will continue making every effort to protect our brave federal law enforcement officers, who risk their lives every day to keep Americans safe,” Bondi told Fox. The Department of Justice declined to comment beyond Bondi’s earlier comments. The current flashpoint for ICE’s mass deportation effort is Chicago. This week ICE raided an apartment building and removed everyone from the building only to ask questions later, according to local media reports. “They was terrified. The kids was crying. People was screaming. They looked very distraught. I was out there crying when I seen the little girl come around the corner, because they was bringing the kids down, too, had them zip tied to each other," one neighbor, Eboni Watson, told ABC7. “That’s all I kept asking. What is the morality? Where’s the human? One of them literally laughed. He was standing right here. He said, 'f*** them kids.’” Brandon Lee, communications lead at Illinois Coalition for Immigrant and Refugee Rights, told 404 Media some of the organization’s teams have used Red Dot and similar apps as a way of taking tips. But the organization recommends people call its hotline to report ICE activity. That hotline has been around since 2011, Lee said. 
“The thing that takes time is the infrastructure of trust and training that goes into follow-up, confirmation, and legal and community support for impacted families, which we in Illinois have been building up over time,” he added. “But I will say that at the end of the day it’s important for all people of conscience to use their skills to shine some light on ICE’s operations, given the agency’s lack of transparency and overall lack of accountability,” he said, referring to ICE-spotting apps. In ICEBlock’s case, people who already downloaded the app will be able to continue using but will be unable to re-download it from the Apple App Store, according to an email from Apple Aaron shared with 404 Media. Because Red Dot is available on Android, users can likely sideload the app—that is, install it themselves by downloading the APK file rather than from the Play Store. The last message to Red Dot’s Facebook page was on September 24 announcing a new update that fixed various bugs. Update: this piece has been updated to include a response from the Department of Justice. From 404 Media via this RSS feed

Community ibbit.at

How Ruby Went Off the Rails

For the past couple of weeks, a community of developers who use the programming language Ruby have been closely following a dramatic change in ownership of some of the most essential tools in its ecosystem with far reaching impacts for the worldwide web. If you’re not familiar with Ruby or the open source development community, you probably haven’t heard about any of this, but the tools in question serve as critical infrastructure for gigantic internet services like GitHub, Shopify, and others, so any disruption to them would be catastrophic to those companies, their users, and vast swaths of the internet. On September 19, Ruby Central, a nonprofit organization that manages RubyGems.org, a platform for sharing Ruby code and libraries, asserted control over several GitHub repositories for Ruby Gems as well as other critical Ruby open source projects that the rest of the Ruby development community relies on. A group of open source developers who had contributed to those projects and maintained them for years had their permissions suddenly revoked. When these developers announced on social media that their access was taken away, many Ruby developers saw the decision as a betrayal of their years-long contributions to the Ruby ecosystem and open source principles more generally. Others accused Ruby Central of succumbing to corporate pressure from companies like Shopify, which they claimed wanted more control over the project. I’ve spent the last week talking to people who had direct involvement with Ruby Central’s decision, the contributors who were ousted, and developers in the Ruby community. I’ve heard accusations of greed, toxic personalities, and stories about years-long feuds between people, at times in open disagreement, who ultimately govern some of these important open source tools. 
RubyGems.org and other critical Ruby tools have so far not been interrupted during this transition, but the incident sheds light on a basic truth about the internet and open source development: Much of the technology we use every day and take for granted is being maintained by a small number of developers who are not compensated for that work or get paid very little when compared to salaries at big tech companies. Open source development continues to make much of the internet possible, but as some of these tools become more important and financially valuable, they’re subject to more scrutiny and pressure from the community, organizations, and companies that rely on them. “In some ways, this whole affair is an example of why this stuff gets really messy when people start getting paid, and once you start introducing formal organizations and employees and nonprofits and lawyers and all this kind of complexity,” Mike McQuaid, developer of the popular package manager Homebrew, which is built with Ruby, told me. McQuaid has talked to and offered to mediate between Ruby Central and the ousted maintainers. “This is a textbook case of what happens when there’s this conflict between what companies want, what nonprofit individuals want, how much responsibility people have when they take money, who gets control and when. How much democracy versus just ‘I have the power to do something, therefore I’m going to do it.’” With Ruby developers can download and use self-contained packages of code that add different functionalities to a Ruby project. These packages are called gems, and are distributed primarily via RubyGems.org, where developers can upload gems they’ve developed or download gems from other developers. The ability to download gems and plug them into different projects is very useful and convenient for Ruby developers, but can create complications. 
Different gems are developed by different teams and are updated at different times with bug fixes and new features, and might not necessarily be compatible or play well with one another as they evolve. This is where Bundler comes in. As its website explains, “Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.” So, for example, if a developer is building a Ruby project and wants to use gems X, Y, and Z, Bundler will pull the versions of those gems that are compatible with one another, providing developers an easy solution for what Bundler describes as “dependency hell.” Bundler is an open source project that was initially developed by Yehuda Katz, but the GitHub repository for the project was created and was administrated by André Arko. In 2015, Arko also founded a nonprofit trade organization named Ruby Together, which raised funds from developers and companies that use Ruby in order to maintain Bundler and other open source tools. RubyGems.org, the site and service, is governed by Ruby Central, a nonprofit founded in 2001, which also organizes several Ruby conferences like RubyConf and RailsConf. In 2022, Arko’s Ruby Together and Ruby Central merged, “uniting the Ruby community’s leading events and infrastructure under one roof,” according to Ruby Central’s site. Bundler’s and RubyGems.org’s work often overlapped both in their goals and the developers who worked on them, but operated across two different GitHub organizations, each with its own repositories. To streamline development of these open source projects, Bundler also joined the Ruby Gems GitHub organization in 2022. In 2023, Ruby Central established the Open Source Software Committee, which according to its site oversees RubyGems, Bundler, and RubyGems.org, focusing on infrastructure stability, security, and sustainability. 
A confusing and central point of disagreement between Ruby Central and the maintainers it ousted on September 19 is rooted in the merging of Ruby Together and Ruby Central and the difference between RubyCentral.org the service, essentially an implementation of the Ruby Gems codebase on an AWS instance, which both parties agree Ruby Central owns and operates, and the Ruby Gems the codebase that lives in the same GitHub organization as Bundler. According to a recording of a mid-September Zoom meeting which I obtained between Marty Haught, Ruby Central’s Director of Open Source, Arko, and the other ousted contributors, Ruby Central maintains that the codebase and GitHub organization became its responsibility when Ruby Central merged with Ruby Together in 2022. The ousted contributors’ position is that members of Ruby Central, like Haught, can be owners of the GitHub organization, but that ownership of the RubyGems codebase and other projects in the GitHub organization belong to the contributors, who don’t have a detailed governance model but historically have governed by consensus. Arko made this argument to me in a recent interview, but also outlined that argument in a blog post, where he also shared the merger agreement between Ruby Central and Ruby Together. It shows that Ruby Together would dissolve and that Ruby Central would be in charge of raising and allocating funds for development, but does not explicitly say Ruby Central takes ownership of the RubyGems and Bundler projects or the GitHub organization. To make matters even more complicated, Arko was at once a contributor to these open source projects, a contributor to RubyGems.org the service, an owner of the GitHub organization, and an advisor to Ruby Central’s Open Source Software Committee. In May, Arko resigned his position as an advisor to Ruby Central’s Open Source Software Committee, but continued his work as a contributor. 
Arko told me he resigned his advisory role because of Ruby Central’s last minute invitation of David Heinemeier Hansson, better known online as DHH, as a keynote speaker at RailsConf. Arko told me he objected to that decision because of DHH’s “horrifying, racist, misogynist, politics” and DHH’s “personal vendetta” against him. In 2021, back at Motherboard, we reported that many employees at DHH’s company, Basecamp, quit after his decision to ban any discussion of politics at work, which many employees saw as squashing discussion about race, bias, and diversity. Arko told me that DHH’s “personal vendetta” against him stemmed from Arko not wanting to support a certain feature DHH wanted added to Bundler, after which DHH demanded Arko be removed from the Ruby Together board. The current controversy erupted on social media on September 19, when one contributor to the open source projects in the RubyGems and Bundler GitHub organization, Ellen Dash, announced that Haught, Ruby Central’s Director of Open Source, revoked GitHub organization membership for all admins on the RubyGems, Bundler, and RubyGems.org maintainer teams. At that moment, their permissions and access to the GitHub organization were revoked, meaning they could no longer make any changes or contributions to the code, and Haught, representing Ruby Central, took control. “I will not mince words here: This was a hostile takeover,” Dash said in a public “goodbye” letter she shared online. “I consider Ruby Central’s behavior a threat to the Ruby community as a whole. The forceful removal of those who maintained RubyGems and Bundler for over a decade is inherently a hostile action. Ruby Central crossed a line by doing this.” The news was seen by many developers in the Ruby and open source community as betraying the dedication and labor that Dash, Arko, and other maintainers put into these tools for years. Ruby Central, meanwhile, describes the move as one centered around security. 
“With the recent increase of software supply chain attacks, we are taking proactive steps to safeguard the Ruby gem ecosystem end-to-end,” Ruby Central said in an explanation of its decision. “To strengthen supply chain security, we are taking important steps to ensure that administrative access to the RubyGems.org, RubyGems, and Bundler is securely managed. This includes both our production systems and GitHub repositories. In the near term we will temporarily hold administrative access to these projects while we finalize new policies that limit commit and organization access rights. This decision was made and approved by the Ruby Central Board as part of our fiduciary responsibility. In the interim, we have a strong on-call rotation in place to ensure continuity and reliability while we advance this work. These changes are designed to protect critical infrastructure that power the Ruby ecosystem, whether you are a developer downloading gems to your local machine [or] a small or large team who rely on the safety and availability of these tools.” 404 Media has covered the kind of recent supply chain attacks targeting open source projects that Ruby Central is referring to. Earlier this month, a critical JavaScript development tool Node Package Manager (NPM), was targeted by a similar supply chain attack. But not everyone in the Ruby development community bought the explanation that security was at the heart of the recent moves. One reason for that is a public statement from a Ruby Central board member and treasurer Freedom Dumalo. On Substack, Dumalo apologized for the sudden change and how it was communicated. “If Ruby Central made a critical mistake, it’s here,” he wrote. “Could these conversations have been happening in public? Could the concerns we were hearing from companies, users and sponsors have been made more apparent? Probably. 
But I remind you we don’t have a ‘communications team’, no real PR mechanism, we are all just engineers who (like many of you I’m sure) go heads down on a problem until it’s solved.” Dumalo reiterated that RubyGems and Bundler are critical infrastructure that are now increasingly under the threat of supply chain attacks, and said that the companies that rely on them “count” on Ruby Central to do everything it can to keep them and their users safe. However, Dumalo also said that Ruby Central was under “deadline” to make this change. “Either Ruby Central puts controls in place to ensure the safety and stability of the infrastructure we are responsible for, or lose the funding that we use to keep those things online and going,” Dumalo wrote. In a September 22 video message in response to criticism about its decision to remove maintainers, Ruby Central’s executive director Shan Cureton described a similar dynamic. She said “sponsors and companies who depend on Ruby tooling came to us with supply chain concerns” and that “Our funding and sponsorships are directly tied to our ability to demonstrate strong operational standards. Without those standards in place, it becomes harder to secure the support needed to keep maintainers paid, organize events, and provide resources for developers at every stage of their journey.” Since Shopify is one of the primary sponsors and funders of Ruby Central, this led some in the Ruby community to believe that Shopify was exerting pressure on Ruby Central to make this change. “That is not how it happened, and I wish I had been more careful with my wording in that blog post,” Dumalo told me in a Linkedin message when I asked him if Ruby Central was under pressure from Shopify to make these changes. 
After I gave Dumalo my number so we could do a phone interview, I got an email from Cindi Sutera, who was recently brought on as a spokesperson for Ruby Central. "Ruby Central’s mission is to keep the infrastructure that Rubyists rely on stable, safe, and trustworthy,” she told me. “As part of a routine review following organizational changes, we identified a small number of accounts whose privileges no longer matched current role requirements. The Board voted that it was imperative to align access with our privilege policy to keep the infrastructure that the Ruby community depends on stable. This is our mission.” Sutera said that the board approved “a temporary administrative hold on certain elevated permissions” while it finalized operator agreements and governance roles. “To move quickly and transparently, we imposed a clear deadline to complete operator agreements and close gaps,” she said. “We could have communicated earlier that we felt it necessary to move quickly and wish we could have given the community more time to prepare for this action. And now, here we are committed to completing this transition for the stability and security of the Ruby Gems supply chain. More updates are coming as we work through security protocols and stabilization efforts.” “There’s literally only one company providing the money that is keeping Ruby Central open, and it is Shopify,” Arko told me. “And so I just don’t think that there’s any other plausible explanation than Shopify demanded this.” When I asked Arko why he thought Ruby Central removed him, if it wasn’t for security reasons, Arko said: “totally unprovable speculation is Shopify’s CEO is best friends with DHH, who hates me.” DHH is also a Shopify board member. “Thanks for the invitation, but not my place to weigh in a lot on this while they’re working through these changes,” DHH told me in an email when reached for comment. 
“But I support them taking steps to secure and professionalize the supply chain work they’re doing.” Shopify did not reply to a request for comment. As this episode spread on social media, I talked to several people associated with Ruby Central who told me the board was acting in the interest of the RubyGems and the Ruby community. Two sources who asked for anonymity for fear of retaliation said that Arko was difficult to work with, questioned how he used funds raised by Ruby Together, and claimed that a new Ruby version manager he’s working on, rv, means he has a conflict of interest with his work on RubyGems and Bundler. Arko acknowledged to me he heard he’s been difficult to work with in the past. He said that sometimes he’s been able to reach out to people directly and resolve any issues, and that sometimes he hasn’t. He rejected the other allegations, and said that Ruby Together’s financials have always been public. “It has always been fully public, and the amount has been fixed at $150 an hour for 10 years,” he said, referring to the amount contributors got paid to work on Bundler. Arko added that nobody has ever been paid for more than 20 hours a week, and that the most he’s been able to raise in a single year is $300,000 to pay eight different contributors. “Nobody has gotten a raise for 10 years.” “As a matter of policy, we don’t discuss individual personnel,” Sutera, the Ruby Central spokesperson, said when I asked if Arko was removed from the GitHub organization because of his previous behavior. “Our recent actions were organization-wide governance measures aimed at aligning access with policy. Our priority is maintaining a stable and secure Ruby Gems supply chain.” McQuaid, the developer of Homebrew and who followed the controversy, told me that even Arko’s harshest critics wouldn’t deny the contributions he’s made to the Ruby community over the years. 
Regarding Arko’s blog post about his removal, McQuaid told me it’s good that Arko is crediting other people for their contribution and that he’s following open source principles of community and transparency, but that “his ‘transparency’ here has been selective to things that benefit him/his narrative, he seems unwilling or unable to admit that he failed as a leader in being unwilling or unable to introduce a formal governance process long before this all went down or appoint a meaningful successor and step down amicably.” The fundamental disagreement here is about who “owns” the GitHub organization that houses Bundler and RubyGems. Technically, Ruby Central was able to assert control because Hiroshi Shibata, a member of the Ruby core team and one of the contributors who has owner-level permissions on the GitHub, made Haught, who revoked the others’ access, an owner as well. Any owner can add or remove any other owner, but when Ruby Central’s board voted to make this change Haught acted immediately and removed Arko, Dash, and others. However, Arko fundamentally disagrees with the premise that Ruby Central has the right to govern the GitHub organization in any way, and believes that it has always belonged to the group of contributors who had access up until September 19. Arko said that even if Ruby Central gave him his permissions back, he would not consider the matter resolved until Ruby Central stopped claiming it owns Bundler “but I am definitely not going to hold my breath for that one.” “When people really care, they’re passionate and they’re enthusiastic and they argue, and that often looks like drama,” McQuaid, the developer of Homebrew, said when I asked what he thinks this entire affair says about the state of open source development. “But if I had to pick between having the enthusiasm and the drama or losing both, then I’d probably pick the enthusiasm and the drama, because in some ways, the system is somewhat self correcting. 
Even the stuff that’s going on right now, people are having essentially a very public debate about what role do large companies or nonprofits or individual maintainers have in open source. To what extent does someone’s level of contribution matter versus what type of person they are? I think these are valuable discussions to be having, and we’re having them in the open, whereas if it was in a company, this would all be in a meeting room or with an HR department or in a leadership offsite or whatever.” From 404 Media via this RSS feed

Community lemmy.ca

PinePods Release v0.8.0 - "Mobile apps and massive performance bumps"

Description from the developer: Pinepods is a podcast server that’s self hosted. It aims to be a multi-client version of what you might already have on your phone that allows you to listen anywhere. Host pinepods and get a web client, mobile apps, desktop apps, even a CLI app. Your progress syncs between all these. It supports gpodder sync for use with your existing apps if you want (though I’ve put 100 plus hours into the mobile apps and really would appreciate people at least giving them a go) and it has tons of features. Think Notifications on release, smart playlists, multi user, sharing, chapter support, YouTube channel to podcast support. Loads of stuff, and loads more still to come. With 0.8.0 the mobile apps are now on Google Play and the Apple app stores, and the api has been fully rewritten in rust. It’s a lean mean podcasting machine. And actually the real current version is 0.8.1.

Excerpts from the Changelog:

Introducing PinePods 0.8.0 – The absolute biggest Pinepods release to date. Pinepods mobile clients are officially released! Additionally the backend api has gotten a complete rewrite in rust!

📱 Official Native Mobile App

Flutter-Based App – Brand new official mobile app built with Flutter for iOS and Android
Cross-Platform Synchronization – Seamless sync between mobile, web, and other Pinepods clients (More to come on other very soon)
Offline Support – Download episodes for offline listening with intelligent storage management
Native Mobile Features – Background playback, lock screen controls, notification management, and mobile-optimized UI
Professional Distribution – Will be available on both iOS App Store and Google Play Store along with open stores such as f-droid and izzyondroid

The android apk will be attached to the github release. As well as released to the Google Play Store, f-droid, and izzyondroid shortly after the 0.8.0 release. I need to get this release out in order to get them on the android stores fully.

Links: iOS App Store

🦀 Complete Rust API Transformation

Python Elimination – All Python dependencies have been completely removed from the container, resulting in a dramatically smaller and more efficient deployment
Horust Process Management – Switched from supervisor to Horust for robust, lightweight process supervision and startup management. This is part of removing the python dependency and also utilizes more great rust based dependencies
Internal Task Scheduler – Background processes now run directly within the Rust API service using tokio-cron-scheduler, eliminating the Celery dependency entirely
Enhanced Reliability – Background tasks are more reliable with better error handling, automatic retries, and integrated logging
Streamlined Container – Significantly reduced container size and complexity with the removal of Python runtime and associated dependencies

🔧 Infrastructure & Reliability Improvements

Horust Service Management – All services now managed by Horust with proper process supervision, automatic restarts, and clean shutdown handling
Integrated Background Processing – Podcast refresh, nightly maintenance, and cleanup tasks now run as scheduled jobs within the main Rust API service
Database Operation Reliability – Improved server backup and restore operations with better error handling and validation
Timezone Configuration – Runtime timezone configuration without container rebuilds, properly affecting all time-sensitive operations
Simplified Deployment – Reduced container complexity and startup time with streamlined process management

🏗️ Development & Performance

Pure Rust API – Complete rewrite of the Python API in Rust for improved performance, memory efficiency, and type safety
Eliminated Dependencies – Removed Python runtime, Celery worker system, and associated packages from the container
Better Resource Usage – Significantly reduced memory footprint and CPU usage with native Rust performance
Improved Error Handling – Better error messages, logging, and debugging capabilities throughout the system
Type Safety – Enhanced reliability through Rust’s type system and memory safety guarantees

🐞 General App Fixes and Improvements

Better Youtube Support – The youtube search api is now embedded in the standard Pinepods Search api. This makes searching Youtube much faster and more consistent.
Multi-Select Episodes – On the page for any given podcast you can now select and take actions on any given number of episodes. This allows you to mark all episodes of a given podcast as complete in one fell swoop. Arrows also appear on the episodes allowing you to mark all episodes newer or older than a particular episode.
Playlist Limits – System Playlists are now limited to a max of 1000 episodes. This will take the most relevant 1000 for the playlist.
Playlist Fixes - Also fixed an issue with the Almost Complete playlist where the completed percentage wasn’t working correctly.
Category Fixes - Categories throughout the app have been improved. Sometimes they would previously show as a strange looking vector. This will no longer occur.
Premium Feeds - Premium feeds should now be fully functional everywhere.
Backup/Restore Database - The Backup and Restore functionality has been 100% totally rebuilt. This should fix some issues that it previously had with actually restoring. There’s also an option to schedule backups now. So that they run on a regular basis. The restore option will automatically see these backups as options to restore from.
Subscribed People Fixes - The functionality around subscribed people has gotten some major fixes as well. This should fix numerous bugs related to people subscription
Match Podcast Index IDs - There’s a new option in settings to match a podcast to its podcast index counterpart. Having this ID correct will allow for more consistent host following.
Auto Complete Options - There’s also been an option added to playback settings in the settings area to auto complete an episode if it gets to a certain amount of seconds to the end of it. For example, you can set it to 30 seconds and if an episode is within 30 seconds of the end it will automatically mark it complete.
Authentication options added to NTFY Notifications - The NTFY notification settings now support username and passwords or authentication tokens. These can be skipped entirely still if you have no auth.
Additional OIDC Settings - Experimental name claim settings added to OIDC setup area. Name, email, user, roles claim options. As well as admin and user roles have all been added.

🕸️ Website Rebuild

The Pinepods Website has gotten a complete revamp! It’s looking much nicer! Many more docs have been written as well. There’s documentation for just about every option in Pinepods. If you find something missing please let me know!

Community lemmy.ml

*Permanently Deleted*

I have had the very same problems the author had with Linux, only with Windows. I have had countless driver crashes and Bluescreen™s, I have had Windows crap itself on updates countless times and every Win10 update they re-order the Settings app. Just recently a mandatory update which you can’t easily roll back as a regular user broke a lot of printers worldwide. Every operating system is shit, Kev just happens to like the Windows 10 flavour of shite better than the Kubuntu flavour of shite.

> […] sheer number of ways to install applications. I had some that were DEBs, others were Snaps, a couple of Flatpaks and an AppImage to finish it all off.

In Windows, you have app stores like Steam, the Windows Store, Epic Games Launcher, random packages you download from untrusted sources, chocolatey.org. There’s a whole industry just packaging and re-packaging MSIs and similar software distribution methods. I’d say there are just as many package managers on Windows as on Linux.

> whether it’s an EXE or an MSI, it’s all the same process. You download the package, click next > next > finish and you’re done.

Not really. Sometimes you have to log in. Sometimes you have to enter some weird key. Sometimes you need to hold your internet connection so the software can phone home. Examples are: Adobe software, Windows itself, Microsoft Office…

> I don’t have to waste time troubleshooting a package that isn’t integrating with the system properly, or looks like it’s straight out of 1995 because no theming is applied for some unknown reason.

This happens on Windows, too. Every second app is a browser bundling some JS files sideloaded from an Internet server (e.g. Discord). Then there are pre-Win7 applications in 16 bit which can’t run at all, so you have to use a VM. Then there are applications which remove their theming. Some apply their own (Chrome), some completely disable them. At least in Linux I don’t have to reboot my computer because an app thinks grabbing the whole screen and not allowing Alt+F4 is a good idea.

> all the apps that I use on Windows have an update mechanism within them

Dear Lord, how is that a plus point? Do I even have to comment on this? I prefer a single application updating all of my system’s packages. Which doesn’t really happen with flatpaks anymore, but that’s another battlefield. That the author prefers every single program to phone home is just their preference, neither a plus nor a minus point.

> Firefox crashing pretty much every time I open it.

Someone fucked up their profile pretty bad. I have never had that happen, the worst problems were when they changed the plugin APIs to WebExtensions and redid the renderer and whatnot. Deleting the profile mostly worked. Firefox is an OS in and of itself, no wonder some weird edge cases crash your Firefox, Kev.

> I’m sure I’m going to get a lot of heated responses to this post. I get it, Linux is better than Windows in a lot of ways. But, as much as I hate to admit it, Windows is better than Linux in many ways too.

That’s where you’re wrong, kiddo. Nobody cares which OS you use. And nobody should care. If you need a blog post to justify Windows for yourself or rant, fine. The post doesn’t go deeply enough into the reasons why the bugs happened because the author apparently doesn’t really care, so there’s not even much to respond to. The issues are simply ones of the many thousands of edge cases which don’t happen on Windows because Windows is the OS used by >90% of desktop users. Statistically speaking, at least ten times more people are affected by any single bug, which means Windows gets priority fixes most of the time. For most of these issues, you can buy support. You can pay people to do the stuff you want to be done. You can do it yourself. That’s not possible on Windows, because it’s so closed down that you can’t even change some system files when you’re Administrator, because there exists a SYSTEM account owning these… Again, I’m not saying Linux is better than Windows, just that every OS is a different flavour of shite nowadays.

Community lemmy.zip

Question about Antivirus

First off, what is generally understood as “AV”, are whole bloated suites, that scan surveil your browser usage, downloads, background processes, ip traffic, etc. They are not only over-the-top, often annoying with false positives (“I still exist, notice the good product!”), always a privacy nightmare and more often than not a mix of security theater and snake oil. But also a gaping security hole, because they need elevated privileges to do their tasks and are at the same time hastily cobbled together software ruins that do dangerous tasks like decoding media. While the professional “AV” is applying security practices and in some cases (like spam mails) running a heuristical AV scanner over it. You can of course do that on Desktop too; I’ve set up a ClamAV cronjob for my dad’s peace of mind. But keep in mind, that the heuristics are always a step behind: don’t trust them blindly. And btw, Firefox at least, has scans of downloads default enabled now (with a local list, no privacy risk). Chromium too?

Community lemmy.bestiver.se

Perhaps AI-based autocomplete optimizes for the wrong problem

I’m in my first month of a paid GitHub Copilot Pro subscription. I had great success using GPT 4.1 to translate a Haskell project into OCaml; GPT 4 saved a couple days of effort on a week-long task. (In reality, I routinely underestimate how long projects take, so I probably saved a much larger amount of time). From there it was easy to pay for the first month of Copilot ($10 USD/mo). But I quickly realized that asking Copilot to do anything was very disruptive. I don’t do well with interrupt-driven development; I have a productive mental zone that takes several minutes to enter, and asking questions to an LLM breaks that zone. So my first month of LLMs has been trimmed down to just autocomplete in VS Code. One of my current tasks is to test a home-brewed, JSON build system. And one of my tests is to download, extract and normalize uutils (Rust-ified versions of ls, find, etc.) for multiple architectures. And no surprise, I quickly found my build scripts were repeating mostly the same thing with slight variations. I start typing the first item in a JSON array: "get-asset-file [email protected] -p coreutils-0.2.2-aarch64-apple-darwin.tar.gz -f coreutils.File.Darwin_arm64.tar.gz", and Copilot fills out the other JSON items: "get-asset-file [email protected] -p coreutils-0.2.2-x86_64-apple-darwin.tar.gz -f coreutils.File.Darwin_x86_64.tar.gz", "get-asset-file [email protected] -p coreutils-0.2.2-aarch64-unknown-linux-gnu.tar.gz -f coreutils.File.Linux_arm64_gnu.tar.gz", ... 6 more ... The auto-complete was accurate; in fact, it was more accurate than I would be. It also saved me lots of typing, and as an unapologetically lazy programmer I might call that a win. But it was not a win. The repetition was the direct result of the structural deficiency with overly simple build systems: they lack looping constructs. 
The proper thing to do is to use a loop over a map/table/dictionary, and in my case in particular that means I must do the grunt work of integrating some small language like Lua that can do loops. Does Copilot suggest the right thing? Of course not, at least without me prompting it first. Deeper thought: Conventional next-token prediction trains LLMs to produce words, not remove words. In our childhood training to become effective communicators, we learn when producing words is necessary; we also learn brevity. And as software engineers, we learn brevity is a good thing as we reduce repetitive lines of code into a loop. My first month: I have never seen the LLM autocomplete a repetitive block of code into a simpler loop. So, I’d love to see an explicit counter-bias during training to simplify and remove words. I could ask the LLM to simplify code. That might work (though not because the model is structurally aware of how to simplify code). Regardless, if I’m going to pay for a tool to suggest things to me, I shouldn’t have to suggest code simplification to the code suggestor. I’m going to keep paying the $10 even if I don’t find auto-complete that useful. Copilot has already paid for itself. But I’m left thinking that today’s LLMs have over-indexed on the wrong objective. Thoughts?

Community lemmy.blahaj.zone

are domains containing 'zip' near the end a legitimate threat?

Exactly this, the .zip file extension is widely known, and now that it’s also a TLD, it can be confusing for some people. There’s no technical vulnerability, but the existence of .zip TLD just gives more ammo for phishing. For example, someone could register a domain name recent-bank-statements[.]zip (without brackets) and then have a subdomain for chase.com and send someone a link to https://chase.com.recent-bank-statements/[.]zip to “Download your bank statements”. If you’re not looking closely, you might not realize there is a . instead of a / and think that this link would go to chase.com. When the site initiates a download of a zip file, you might trust the contents thinking it came from Chase and not a malicious link.

Community lemmy.dbzer0.com

Do y'all still consider the machine you run pirated software/games on to still be "Secure"? [+ Other Piracy Related Questions]

When engaging in criminal activity, you have no “legal” recourse for malicious behavior, so you work on the web of trust instead. If you can’t trust the software, nor the publisher, nor the hash verified by however many seeders, then don’t download it in the first place. Me personally, considering I install indie porn games on the regular and never once gotten a virus that I know of, I think it’s worth it to trust others. Of course you could always go into paranoid zero trust mode but sometimes being a social being means trusting the criminal serving you free shit isn’t ratfucking your data