I just searched on GitHub for "Sha1-Hulud: The Second Coming.": 692 repositories. On the first page of results I was able to find a repo clearly made by the malware, and in that repo I was able to find someone’s github token with a few applications of “decode from base64”.

This is pretty bad. I don’t know what exactly comes next, an awareness campaign to get people to clean their infected machines and packages?

A side-effect of the li/unix ecosystem overall moving to wayland is that conky is no longer really an option for spicing up your desktop.

Without conky, it’s much less trivial to do “interesting” things beyond window tiling, window decorations, and/or color theming.

Thanks for sharing that link, I thought the watchy had been more-or-less abandoned by the community.

For what it’s worth, GitHub says that chronos firmware had it’s 1.0 release just 5 days ago, so I’m not surprised the other commenter didn’t know about it.

What exactly is meant by “smart features” ? The watch is an esp32 microcontroller driving an ePaper screen and a gyroscope (I forget if there are any other peripherals). It’s already much smarter than a “regular” wristwatch, and being open source you can make it as smart as you want (in theory and within the performance allowed by it’s specs, of course). The stock “os” will fetch the weather and adjust to daylight savings via internet.

Do you mean stuff like there’s no smartphone app available for it? It doesn’t pair with a smartphone out-of-the-box to do things like show SMS, email, calendar events, etc?

Syntax highlighting for code blocks is the reason I prefer discord over slack for collaborating and just chatting with friends who know how to code. I imagine some irc clients exist that so the same, but at least with discord I know my recipient is guaranteed to see what I see.

Sounds like either federation working as intended, or some client app trying to cache info about your instance. Might be https://fedidb.com/ or https://fediverse.observer/ or some other service.

From my understanding of word embeddings (as used by LLMs), you could skip the LLM and directly compare the similarity of what the STT outputs to each task or phrase in a list you have prepared. You’d need to test it out a few times to see what threshold works, but even testing against dozens of phrases should be much faster than spinning up an LLM - and it should be fully deterministic.

plus my passwords are partials (I salt them)

I’m curious how you make that work - do you just remember the salts, store them separately, or what? I have like 50-70 passwords in my store currently, there’s no way I’m remembering a (true random) salt for each one.

I use pass for my passwords, and it has an otp extension that I’ve been using more and more. I used to use aegis but I have needed to switch phones one too many times without having access to the previous phone to be comfortable with phones for 2fa.

Of course, this isn’t as secure as a truly separate OTP solution, but it’s still better than no OTP/2FA. And I can easily enough back up and restore my 2fa access over the internet, even on a new computer (albeit I need to also backup a PGP key that can decrypt the password store to truly be portable).

Kudos for developing this on your phone! I’ve played around with termux, even have a Bluetooth keyboard, but I’ve never had the courage to actually code through it.

I often see LogSeq, and to a lesser extent Silver Bullet, mentioned as self-hostable alternatives to Obsidian that people actually appreciate using.

Ok but if it allows anubis to judge the soul of my bytes as being worthy of reaching a certain site I’m trying to access, then the program is not making any calculations that I don’t want it to.

Would the FSF prefer the challenge page wait for user interaction before starting that proof of work? Along with giving them user a “don’t ask again” checkbox for future challenges?

To my knowledge, there is 1 feature that forgejo has that gitea doesn’t: it can generate a new ssh key for you at the click of a button that can be used to push repo changes to another git forge.

I have several personal repos on my forgejo instance that are each setup so that they mirror themselves onto my Codeberg account at noon every day.

I also have a gitea instance on a raspi on my local network that itself will push out changes on certain repos to the (public-facing) forgejo instance.

I can push and/or pull to any of the three origins as needed, but usually I just push to the gitea when I’m at home and the forgejo when I’m not, and let the mirroring take care of propagating changes to Codeberg.

I don’t expect ai/LLM tools to make it easier to create nice looking art, but they should make it easier for anyone to create their own placeholder graphics that at least would allow them to run the game on their own.

It’s a bit sad, but not that surprising, that if this is true then Microsoft is clearly not tasking their most experienced engineers on the control panel (you know, that part of the OS who’s function is to allow you to tweak all the rest of the OS?).

In case the “dim” comment isn’t a joke, as I recall it’s short for “dimension”, as in you are specifying each variable’s dimension in the computer’s memory. Source: some “intro to programming with vb6” book I read like 15 years ago at this point.

Not necessarily cash, but definitely a bit of luck. Some lawyers, if they think a case is guaranteed to go your way, will do the work for free in exchange for receiving a portion of the damages the final judgement will award you. Even rarer, some lawyers care enough about some issues on a personal level that they’ll work for free, or reduced rates, on certain cases.

In this case, I’m not sure there are any damages whatsoever to award to OP - a “win” is forcing the company to abide by the GPL, not pay up money. The EFF and the FSF, as others have brought up, are probably the best bet to find lawyers that would work on this case for the outcome instead of the pay.

You’re right, I should have been more specific.

If you’re already storing your password using pass, you aren’t getting 3 factors with pass-otp unless you store the otp generation into a separate store.

For services like GitHub that mandate using an otp, it’s convenient without being an effective loss of 2fa to store everything together.

I already use pass (“the unix password manager”) and there’s a pretty decent extension that lets it handle 2fa: https://github.com/tadfisher/pass-otp

Worth noting that this somewhat defeats the purpose of 2fa if you put your GitHub password in the same store as the one used for otp. Nevertheless, this let’s me sign on to 2fa services from the command line without purchasing a USB dongle or needing a smartphone on-hand.

For what it’s worth: I self-host gitea, and it gives me the possibility to import not only repos but also issues, projects, etc from GitHub, gitlab, bit bucket, and a handful of others.

I don’t know if Utterances can work with gitea’s API. If it does, then in theory you should be able to migrate to gitea from GitHub for this use case.