Yes.

I absolutely love semver, but it can lead to absurdly high version numbers (a package that I maintain at work is now at something like 3.1.125). It contains mostly config for other things, so… This is somewhat expected.

I still think it’s better than just naming every version after the year of its release (like 2026.1) or random arbitrary numbers, though

It’s was even easier - KDE showed a notification, I clicked it and got a pop-up telling me about the violation and the commands to fix it of this behavior should be allowed. I could never copy&paste them from there. But yes, checking journalctl every once in a while is a good habit.

Since it was nothing that really prevented me from using the PC (e.g. virt-manager getting a violation when I shut down a VM), I reported it and waited for a bit if they’d resolve this and then just ran the commands after a two days without fix, because I wanted to get rid of the notifications

On regular Fedora 42->43 broke (or forgot to change?) a few SE Linux rules for me, so that I got constant notifications about violations. Otherwise it’s been rock solid so far.

Same, I had tried Openoffice/LibreOffice in the past and had many problems. Since I got a personal MS Office License very cheap from my employer I used that and didn’t really feel the need that much to look for alternatives.

Then about a year ago, I reworked some deployments of my self hosted things and added Collabora to my Nextcloud “just for fun”. And I was pleasantly surprised by it. Since that is based on libre office, I had the urge to check that out and realized that it should have everything I usually need. Also I was already dual booting for a while but still hadn’t really switched many “workflows” to Linux, because I was lazy to search for alternatives. This now meant that there was less friction to use Linux as a bonus.

I usually try to iterate - read available documentation (e.g. comments in a config file, product documentation,…) and try to find stuff out. If I get stuck, an LLM answer may be confidently wrong, but it may give me some new pointers in which direction I should go next. Or maybe mention some buzzwords/techniques/concepts that I might need to investigate further.

As it’s underlying concept is pattern recognition it might not be completely correct, but more often than not nudges me generally in the right direction. Bonus: Now I probably learned some things that will help me later on.

So far I never had something a little more complex that an LLM gave me a correct solution for. But as I like to tinker, explore and learn for myself, I’d probably hate getting a complete working solution without any work I did myself.

Not now, Richard!

Help, how do I get out!!!

^/s

Number, not digit. But I see what you mean.

( ͡° ͜ʖ ͡°)

Color? In my movies? That’s woke!

^/s

As the hoster wrote this:

we immediately transferred all clients’ web hosting subscriptions from this server

It looks like the binaries and the update check script were put on a simple web space. If that is the correct conclusion to draw from this excerpt, then it’d be rather strange to have the keys on that server as it’s very unlikely that it was used to produce any builds.

From my understanding: Basically the attackers could reply to your version check request (usually done automatically) and tell N++ that there were a new version available. If you then approved the update dialogue, N++ would download and execute the binary from the update link that the server sent you. But this didn’t necessarily need to be a real update, it could have been any binary since neither the answer to the update check nor the download link were verified by N++

unzip, strip, touch, finger, grep, mount, fsck, more, yes, fsck, fsck, fsck, umount, sleep

No, it’s only a loophole if you cherry pick single sentences and omit the next part that further defines and restricts it.

See my other comment: https://feddit.org/comment/11272121

As soon as a security patch is published in AOSP, they have a deadline of four months to roll it out. Sox months for ‘feature updates’.

Wrong, keep reading. You only quoted (6)(a). Now go and read (6)©:

© security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;

As soon as a security patch is published in AOSP they now have 4 months to roll out an update.

On the other hand - they could access that data all the time since they bought it. This just simplifies this a little bit to tie it to your “real” account and combine it with all the other data about you

Wait until they decide to seize it

Stolen? That’s a harsh term. We prefer “backed up to our cloud for your security”!

Good ol’ C-x M-c M-butterfly

In my pocket