fmstrat

Thats why I bind toggling them to a hotkey. One or the other at a time, never both.

So maybe use Debian and compile the app yourself instead? The Dev made something free with their time, use your time to make it work for you.

It’s VIM features and key bindings that you can toggle on and off with a hotkey in VScode.

Very handy when you have a task that VIM is better at (for your workflow), like recording s macro and replaying 100 times.

Why not both?

https://github.com/VSCodeVim/Vim

Yes, but…

The build environment was not clean to start, which is why a contributor is working to correct that.

You could also have the build scripts that run on GitHub pull the binary releases directly from their original release locations at build time, vs a file that an individual can modify in the source tree. This isn’t as good as building from source, but it’s better than nothing.

You:

solve a relatively minor security issue.

Wikipedia:

In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name “Jia Tan”.[b][4] The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number CVE-2024-3094 and has been assigned a CVSS score of 10.0, the highest possible score.[5]

Binary supply-chain attacks are not “minor security issues”. There is a reason many companies will not allow admins to use Ventoy.

I like Ventoy, it’s a fantastic project. I like that the author is transparent about where they won’t be spending their time. You can like a project, and recognize it’s flaws at the same time.

A contributor building a PR to solve the build concerns is not a bad thing, it’s to be celebrated. Even a short-term solution of having the build script pull the binaries from a release and checksum them would alleviate a lot of that concern. And the Windows vs Nix item would be alleviated by the GitHub build ENV. Binary releases isn’t the problem, it’s binary in the source. This is about audits and traceability more than the build itself.

Not having a security first posture on these kinds of attacks is how the xz event happened, and I would hate to see that happen to Ventoy. I look forward to contributors helping the author out.

The problem with Ventoy isn’t the ISOs.

The problem is they use binary versions of core tools like cryptsetup in their source tree, vs compiling them at build time.

This leaves the door open to supply-chain attacks. I.E. a PR with a bad cryptsetup binary, or an attack on crypt that makes its way downstream with no way to audit. This is how huge software distributions make their way to Wikipedia in a bad way: https://en.m.wikipedia.org/wiki/XZ_Utils_backdoor

The solution is the build those binaries at build time, which a fork is working on.

@Kongar@lemmy.dbzer0.com

The only true solution to this is cryptographically signed identities.

One method is identity verification tied to a public key, which can be done with claims aggregation (I am X on GitHub, and Y on LinkedIn, and Z on my national ID, etc), but this removes anonymous use.

Another is a central resource to verify a user’s key is a real human, where only one entity controls the identity verification. While this allows pseudo anonymous use, it also requires everyone to trust one individilual entity, and that has other risks.

We’ve been discussing this with FedID a lot, lately.

Maybe, but not based on the sign. That’s a standard trucker joke about waiting for pumps.

True, I went through that phase as well. It usually came with a side of insecurity. Just happy to have grown in more than just age.

For me, the hardest at-home part is the motivation. It’s so easy to “skip”. Finding things like pre-plans or games like Zwift on a bike trainer help, because it sets my schedule.

I also found it handy to pick an audio book, podcast, or show I liked, and only do that while working out.

I 1000% expected the Undertaker to cameo the end of this.

Having grown up in a conservative household in a red state (US), and having thought this as I transitioned away to more liberal stances as I learned more about the world, I have to say: Spot on. I was an uninformed idiot.

You must be man. 😀

Me too, but I also sew, so: Different types of clothing fit women differently based on size. And I don’t mean body shape fit just being slightly different. A “small shirt” can have a million different lengths which could reveal midriff based on bust or Shoulder size. This is impacted by curves but is a total dofferent measurement. And this can happen with any gender, but statistically more so for women.

And wait until you realize that people are sized different in different countries other than America.

The best solution would be to remove sizes altogether and create a standardized measurements sheet that is required to be included on clothing sites or tags. Or at least an international standard. It’s done in engineering, why not in textiles?

The whole point of this issue with Pixelfed is that none of what you describe is required.

Find any follower of a Fediverse account of any kind (Target Account) that’s on a Pixelfed server. Go to that Pixelfed server, view “private” posts from Target Account there.

No need to set up a server, or get sent anything. Granted, even without this flaw ActivityPub is not the way to go for anything private.

Chuck?

It’s because Mark Rober said he was still buying a new one after driving his through a wall.

Next post:

“Why do people respond to a message that doesn’t need a response when they could just send an emoji?”

The real question: Is that Pilot G7 a 0.10 or a 0.07? Very different pens. 0.7 ftw

Oh yea, dont debate any of that. I wasn’t saying this wasn’t a 100% show of feces.