If only we had reproducible builds, that would surely have prevented this.
> MEGATHREAD: All of Young Thug's leaked calls and beef in order
> Young Thug, Drake, Lil Baby, Lil Durk, 21 Savage, Future, Metro Boomin, Gunna, Yak Gotti, YSL Slug, YSL Woody, YSL Obama, YSL DK, SlimeLife Shawty
These are all nobodies except Drake but he sucks for other reasons, so why does anyone who likes rap care about any of this?
RT: cosocial.ca/users/evan/statuse…
Evan Prodromou (@evan@cosocial.ca)
Is it ok for people on the ActivityPub network to speak negatively about other distributed social networks? #EvanPoll #poll [ ] Yes [ ] Yes, but... [ ] No, but... [ ] No
Today I learned that Porsche Headlights are great Grow Lights for your Weedz ...
The actual fuck?
@feld @SlicerDicer I don't know if you've been in a grow room (doo dee do) but they're hot (and humid).
If you're not in a place where it's legal to grow, IR is Often used (from the air) to find homes with Super Hot Spots.
The fun part Slicer is that it would seem they're STUPID easy to steal. (?!?)
Aside: When I was in Uni, every year they'd put sodium bulbs in the lamp posts over three or four bridges, and about two weeks after the quarter started, they would all disappear. A-MA-Zing.
On this day in 1966, Star Trek first beamed into living rooms across America. None of us could have imagined then the journey it would set us on. And not just the cast and crew, but the millions of fans who would find hope, inspiration, and community in its vision of the future.
Over the decades, I’ve been humbled and grateful for the love you’ve shown, not only to me, but to the ideals of Star Trek itself: diversity, unity, and the belief that together, humanity can boldly go where none have gone before. Thank you for your unwavering support and for keeping this dream alive all these years. Live long and prosper, always.
you can neuter what root can do, disallow a lot of things at the jail level.
Not sure if you can meaningfully segregate X11 apps just because of a jail though
Today's #AndroidAppRain at apt.izzysoft.de/fdroid brings you 19 updated and 2 added apps:
* Network Switch: enables you to toggle between 4G and 5G network modes 🛡️
* Screenlite Web Kiosk: a simple Android kiosk browser app that displays web content in full-screen mode 🛡️
RB status: 705 apps (53.9%)
5 #Magisk modules have been updated at apt.izzysoft.de/magisk
Enjoy your #free #Android #apps with the #IzzyOnDroid repo
IzzyOnDroid F-Droid Repository
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg). (IzzyOnDroid App Repo)
(Funding is looking good currently btw!)
Delta Chat: A big user surge and funding for decentralized scale
Beginning June we witnessed a sudden surge of Delta Chat usage especially in the US and Cuba. We don’t know the social dynamics behind it but it probably helps that Delta Chat apps resiliently work... (delta.chat)
💬 SWITCHING from #K9mail to @thunderbird
UPDATE:
It's totally easy. The data does not have to be exported from K9 Mail beforehand.
Install #Thunderbird and then follow the path shown in the screenshots. Select what should be imported from #K9mail - done 👌
Thunderbird reads the data directly out of K9 Mail
Me too, it's really easy 🙂
I finally switched yesterday after you announced the temporary bug in K9.
color npm package compromised
On September 8 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing backdoored versions of his package. Someone noticed and let Josh know: Josh confirme... (fasterthanli.me)
try {
  args = JSON.parse(JSON.stringify(argsIn));
} catch (e) {
  args = [...argsIn];
}
Ah see? I'm not the only one who didn't know about structuredClone
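As an added example (not the payload's code and not any poster's own), here is the snippet's JSON copy-with-fallback beside structuredClone, run on a constructed argument list so the difference between the two is visible; it assumes Node 17 or newer so that structuredClone exists.

```javascript
// Added example; not code from the npm payload or from any post above.
// It runs the snippet's JSON round-trip copy beside structuredClone (assumed
// available, Node 17+) on constructed input to show what each copy keeps.

// The snippet's strategy as written: JSON deep copy, shallow spread if JSON throws.
function jsonCloneWithFallback(argsIn) {
  try {
    return JSON.parse(JSON.stringify(argsIn));
  } catch (e) {
    return [...argsIn]; // shallow: nested objects stay shared with the original
  }
}

// Constructed sample argument list; the optional cycle makes JSON.stringify throw.
function buildSample(withCycle) {
  const inner = { u: undefined, when: new Date(0), tags: new Map([['a', 1]]), n: 1 };
  if (withCycle) inner.self = inner;
  return [inner, 'x'];
}

// What survived the copy, so the two strategies can be compared field by field.
function describeCopy(copy, original) {
  const o = copy[0];
  return {
    sharesNested: o === original[0],      // true means a shallow copy
    undefinedKept: 'u' in o,              // JSON drops keys whose value is undefined
    dateIsDate: o.when instanceof Date,   // JSON turns Dates into ISO strings
    mapIsMap: o.tags instanceof Map,      // JSON turns a Map into {}
    cycleKept: o.self === o,              // only meaningful when withCycle is true
  };
}

// Returns the two descriptions side by side for one sample.
function compare(withCycle) {
  const original = buildSample(withCycle);
  return {
    json: describeCopy(jsonCloneWithFallback(original), original),
    structured: describeCopy(structuredClone(original), original),
  };
}
```

With a cyclic argument the JSON path throws and the fallback hands back a shallow copy that still shares every nested object with the caller, while structuredClone keeps the cycle, the Date and the Map intact.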
Here's the NPM supply chain attack payload deobfuscated & cleaned up by hand as best I could: github.com/fasterthanlime/0x11…
...I'm not sure it would ever work in its current form, tbh
GitHub - fasterthanlime/0x112: De-obfuscated payload from the September 8 2025 npm supply chain attack
De-obfuscated payload from the September 8 2025 npm supply chain attack - fasterthanlime/0x112 (GitHub)
You do a pull request to an #OpenSource project.
An hour or so later, a maintainer of the upstream does a pull request to _your_ fork. Is this...
- Not surprising. (0%, 0 votes)
- Surprising, but in a good way. (100%, 1 vote)
- Surprising, but in a bad way. (0%, 0 votes)
I have been pushing for #Inkscape to remove/decommission its Twitter account. But I didn't want to do it unilaterally, bossing people about, but through reasoned policy that can be applied to other captured banana-pants social media platforms.
So I've drafted a policy, which I'm interested in having more people look at as it's going to be one of those gnarly things that's important to get right:
lists.inkscape.org/hyperkitty/…
What do you think? Worthwhile approach for a #foss project?
Until now, if you lost or broke your phone, your Signal message history was gone, a real challenge for everyone whose most important conversations happen in Signal. So, with careful design & development, we’re rolling out opt-in secure backups.
Secure backups will let you save an archive of your Signal messages remotely in privacy-preserving form, refreshed daily.
Now available in the latest Android beta release, rolling out to iOS & Desktop soon
signal.org/blog/introducing-se…
Introducing Signal Secure Backups
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. (Signal Messenger)
Indeed, it's a dire situation, and I think the world will be worse but for the vain aspirations of a small man. It's an unfortunate but common refrain these days.
Apologies, about the previous post, my subtle ironies are sometimes too subtle. 😅
@jszym also, they were the two oldest Prime Ministers of the Fifth Republic.
(Attal was the youngest)
Just because you add some ARIA and call something “accessible” doesn’t actually mean it is.
Looking at a self-described “Accessible, high-perf” infinite scroll (it really just starts over) that is janky as fuck, doesn’t take keyboard focus (in Safari), uses scroll snap to awful effect, and lets the scrollbar thumb become a liar.
How’s your day?
would that our local police were as committed to arresting asshole pickup truck drivers as the Prince George RCMP was to arresting this guy driving a toy Barbie jeep
New Privacy Guides article ⛔
by me:
Chat Control is one of the most terrifying proposals for dystopian authoritarianism the Western world has seen in years.
We need your help to fight it ✊🇪🇺
For democracy,
For privacy,
And for all other human rights,
We cannot afford to lose this battle.
📩 If you are European (EU):
Contact your MEPs this week before Friday, September 12th, to tell them to oppose Chat Control (more information in the linked article).
🗣️ If you are outside of the EU:
Spread the word! Tell your friends and family in the EU about it! Make noise on social media! This will affect you too.
privacyguides.org/articles/202…
#PrivacyGuides #ChatControl #StopScanningMe #Privacy #HumanRights #Democracy #EUpol
Chat Control Must Be Stopped, Act Now!
Chat Control is back to undermine everyone's privacy. There's an important deadline this Friday on September 12th. We must act now to stop it! (Privacy Guides)
Strasbourg, view from the Notre Dame cathedral
#Strasbourg #France #photographie #photography #urban_photography #architecture #europe
I didn't look into it yet but I heard that the replacement for the Dept of Labor after Trump fired the last one for "fake jobs numbers" released their report and it was the same numbers essentially
When I heard this I started uncontrollably laughing. He couldn't even find a patsy to give him fake numbers?!
To me, the worst part of what is being called the "largest supply chain attack in history" is the fact that there are over "2.6 billion weekly downloads of those NPM packages"
What the actual fuck?! [says a guy who used to curate SQL queries because the results took too long to deliver over 9600bd]
The Debian repository for Helm had 7TB of downloads per month. For a 20mb package.
github.com/helm/helm/issues/31…
That's what happens in CI pipelines when everyone starts from scratch on each run...
Moving Debian repository to new service
I maintain the Debian package/repo for Helm here https://helm.sh/docs/intro/install/#from-apt-debianubuntu . The bandwidth has gotten to be enough that it's no longer feasible to host it myself (~7... (mattfox, GitHub)
Ban the leaf blower.
They’re not just loud—they unleash a jagged mechanical howl, a pitch that swings between jet engine and chainsaw, cutting through walls and windows. It’s a sound that never settles, a rising and falling whine that forces itself into your head until you can’t think. Noise pollution at its most aggressive.
Then there’s the exhaust. Two-stroke engines that spit out more pollution in an hour than a car does all day. All so someone can clear leaves a little faster.
The only reason they’re still legal is because politicians chose the landscaping lobby over the public. That’s it.
- well, there we go, folks. Vibe coding for lunch done. I added two new features to my CLI tool: A feature that does custom URLs, so you can type in a radio station URL not listed in that Radio-browser database, and the ability to import an M3u8 playlist. I debated on splitting out functions. Making it better, since the new helpers for custom URL and playlist handling are perfect to do it with. But then I thought to myself, "Why not just make more spaghetti code and lengthen the strands of pasta instead!" So that is what I did. Yep yep. It's an 85 KB file now, 2317 lines of code. Woah what a dump of Python! Ahahahaha I love it. Also not, but at least function blocks are denoted well with comments so you know what's going where. That will make a job of a later split way easier.
github.com/tgeczy/radio-browse…
GitHub - tgeczy/radio-browser-whiptail-cli: A Cli package for the public Radio browser API, built to be lightweight, accessible and easy to use from the ground up.
A Cli package for the public Radio browser API, built to be lightweight, accessible and easy to use from the ground up. - GitHub - tgeczy/radio-browser-whiptail-cli: A Cli package for the public ... (GitHub)
Malicious javascript compromise on npmjs.com
These packages, about a billion downloads prior
supports-hyperlinks
chalk-template
simple-swizzle
slice-ansi
error-ex
is-arrayish
wrap-ansi
backslash
color-string
color-convert
color
color-name
Thread follows.
Weekly download stats for impacted packages prior to incident
ansi-styles (371.41m)
debug (357.6m)
backslash (0.26m)
chalk-template (3.9m)
supports-hyperlinks (19.2m)
has-ansi (12.1m)
simple-swizzle (26.26m)
color-string (27.48m)
error-ex (47.17m)
color-name (191.71m)
is-arrayish (73.8m)
slice-ansi (59.8m)
color-convert (193.5m)
wrap-ansi (197.99m)
ansi-regex (243.64m)
supports-color (287.1m)
strip-ansi (261.17m)
chalk (299.99m)
Total 2674m
Josh Simmons (in reply to Matt Campbell): Implement The Update Framework (TUF) for Project Signing by walterhpearce · Pull Request #3724 · rust-lang/rfcs (GitHub)
James Henstridge (in reply to Matt Campbell): That's essentially how Go's package management started. Module names are essentially URLs of a git repo, or of a website that has some special metadata pointing at the repo.
It had a few problems:
1. If a popular project with frequent CI builds used you as a dependency, your code host will get hammered.
2. You might not be able to rebuild your project if the hosting for a dependency is offline.
3. You might not be able to transfer ownership of a module without also changing its name (e.g. if it was published in the Github personal namespace of the original author).
The first two problems were solved by introducing a module proxy run by Google. Instead of hitting the upstream directly, you download a zip file of the module source from the proxy. That version is only retrieved from upstream once, and can persist even if the code host goes away.
Matt Campbell (in reply to James Henstridge): Migrating from AWS to Self-Hosting ⚡ Zig Programming Language (ziglang.org)
James Henstridge (in reply to Matt Campbell): You can set an environment variable to have the toolchain bypass the module proxy and clone things from git directly. You then run into the reliability problems in CI, where each job usually starts with none of the dependencies available.
You can also point the toolchain at a different module proxy, and there are a few open source implementations (e.g. Athens). Frustratingly you can't run the same proxy as Google, since they built it on top of internal infrastructure and haven't released the source.
Glyph (in reply to Matt Campbell): this would make everything worse. Without a central authority to filter malware, users would search the open web for random packages with zero possibility for community-wide mitigation. Every lapsed developer vanity domain, every failed startup, would immediately result in mass compromise.
If there is a problem with crates/npm/pypi, it’s that the abstraction of a “package” obscures the trust relationship with the org that produced it. It’s too hard to audit those relationships.
Matt Campbell (in reply to Glyph): Deciphering Glyph :: Calling all Ascetic Buddhist Rock Musicians (blog.glyph.im)