So no one here seems to have actually used a recent Samsung device. "System" includes user apps and system apps unless "My Files" is granted the permission for usage access. Several comments on the article and in the Twitter thread have already pointed it out.
We keep asking that users must be asked for explicit permissions and granular scopes are for the good and then users themselves skip reading on these permission grants.
GitHub has always (in my experience) been clear about what permissions are being granted to the site you're signing into, and if you don't agree, you can easily cancel the sign-on flow.
It's not clear at all. The scope UI says 'Repositories - Public repositories'. It does not sound dangerous and only reveals that the access is r/w (not r/o) after expanding the dropout. It does not mention stars at all.
Sounds like the basis for an argument for refining the scopes such that it is abundantly clear which scopes write data and which ones do not.
No one should be surprised that allowing an untrusted program to write files and permissions through an operating system could lead to a security exploit.
Many would likely be cognizant of the risk of becoming a member of a botnet.
Allowing untrusted programs to control your digital services is not fundamentally different, in my current perspective.
Truly though, wouldn’t you expect that your IP might be banned if your computer was compromised by a DDoS botnet?
Your GitHub user account was compromised by a bad actor, so it shouldn’t be surprising nor considered victim blaming.
Of course, GitHub might cross the line to being unreasonable if they become aware of this as a potential security issue and fail to mitigate the phishing risks that they are exposing their customers to.
edit: restoring your user account to good standing, if absolutely necessary, is certainly something to strive for, but be aware that it can take years or never, from anecdotes that I’ve heard about Google, Apple, Twitter, etc. Microsoft/GitHub/LinkedIn won’t likely be any different, in that regard
> Your GitHub user account was compromised by a bad actor, so it shouldn’t be surprising nor considered victim blaming.
But GitHub sees where the requests to create the stars came from. The requests all came with authentication tokens associated with the given malicious site. They have all the data to see how the account got “compromised”, and they also can see that the account owner is unlikely to have knowingly participated in the “star farming”.[1]
The obvious and correct solution is to delete all stars created through tokens associated with the malicious site[2], disable access for the malicious site and write a letter to the compromised users.
1: further absurdity is that by deciding that the stars were farmed GitHub already made the decision that they are not coming organically from users. Because if they were coming organically from the users then it wouldn’t be star farming, just a popular repo. So why are they punishing the users then?
2: one more absurdity is that stars don’t cost GitHub anything. It is just a number in a DB. It is not like they incurred a cost due to this attack. GitHub decided that they care about some stupid stars, and make the farming of them a bannable offense.
I believe they're calling it Day 1 in the sense that the devs themselves are saying a lot of it is hacked together and not daily driver material for most of the users. A lot of releases and revisions before this is even upstreamed.
This isn't a port of an existing driver. It's a completely new kernel space + user space driver. Of course it makes use of the Mesa "framework" but that doesn't mean the driver is 27 years old.
What do you think porting a driver to a completely new GPU means? Doing so will require new kernel space and user space code. The existence of these new components doesn't mean there is a completely new graphics driver. Only parts of it that are platform specific are new.
The graphics driver of a system spans from talking to the hardware to exposing a graphics API such as OpenGL or Vulkan for applications to use. Splitting up the graphics driver into separate components and calling each component a driver is different from what I mean when I am referring to a driver.
Mesa isn't a driver. Mesa is just an abstraction on top of the software that DRIVES the hardware (a driver), which is being written from scratch. Nobody (including the Asahi developers) but you subscribes to your definition of a driver. Drivers implementing Mesa may share next to nothing in common, so no, it's not a "port".
The Asahi driver inside Mesa builds upon Gallium3D so it does use shared components of the Mesa library stack. This is not a from-scratch driver, it's one that uses the powers of the Mesa library.
But seriously, this does raise genuine concerns about what is the acceptable limit for microplastics in the egg whites initially, since microplastics have made way to everything we consume today.
Even if the battery life is not as good as with Safari, there's nothing like the Multi-Account Containers extension on other browsers. Helps a lot with separating accounts with added conveniences. Can't really go back to any other browser after having used containers on Firefox!
They have reported incidents for the last two days but seem to limit it to a short amount of time which is clearly not the case for many folks out there.
I don't think OP takes into account that there seem to be multiple editions of the same book which are often required by people to refer to. Not everyone wants the latest edition when the class you're in is using some old edition.
In practice, it's more often the same file with minor edits such as a PDF table of contents added or page numbers corrected. Say, how many distinct editions of this standard text on elementary algebraic geometry are in the following list?
I like to think that LibGen also serves as a historical database wherein there is a record that a book of a specific edition had its errors corrected. (Although it would be better if errata could be appended to the same file if possible)
Yes, for very minor edits, those files should obviously not exist, but for that there would need to be someone who verifies this, which is such an enormous task that likely no one would take up.
If you are referring to my duplication comments, sure (but even then I believe there are duplicates of the exact same edition of the same book). Though the filtering by filesize is orthogonal to editions etc. so has nothing to do with that.
I have found the same book as multiple PDFs of different sizes, with the same content. Someone maybe uploaded a poorly scanned PDF when the book was first released but later someone else uploaded an OCRed version, but the first one just stayed, hogging a large amount of storage.
How do you automate the process of figuring out which version is better? It's not safe to assume the smaller versions are always better, nor the inverse. Particularly for books with images, one version of the book may have passable image quality while the other compressed the images to JPEG mush. And there are considerations that are difficult to judge quantitatively, like the quality of formatting. Even something seemingly simple like testing whether a book's TOC is linked correctly entails a huge rat's nest of heuristics and guesswork.
My usual heuristic is to take the version with the largest number of pages, or if there are several with the same number of pages, the one with the largest filesize. Obviously if someone is gaming this it won't work; it's trivial to insert mountains of noise into a PDF.
I usually prefer the scanned PDF in these cases, because the OCRed version often contains errors, and in cases where the book matters, those errors can be very difficult to detect (incorrect superscripts in equations and things like that). Sometimes it's so poorly scanned that I don't prefer the scan (especially a problem with scans by Google Books).
As the previous reply said, I've also seen duplicates while browsing. Would it be possible to let users flag duplicates somehow? It involves human unreliability, which is like automated unreliability, only different.