Aww, okay. I'll just have to go back to licking Switch cartridges then...

I think this one will work. Most of these games are already "multihomed" on different ad networks and display the one that is most profitable to them at any given time, or a semi-random mixture. The differences in profitably aren't that huge, and it will get even worse if advertisers run away from Unity too. Unity is making an absolute killing from their ads division, and this is now being threatened.

And who are the advertisers? Other game devs. The whole mobile game advertising scene is one gigantic ouroboros with the ad platforms cutting off a huge portion in the middle. If you leave, you're going to both stop showing ads and stop your advertising there.

This is a fun one we're gonna be hearing about for a while...

It's fortunate it was discovered before any major releases of non-rolling-release distros were cut, but damn.

Senior YAML programmer

Won't help here; this backdoor is entirely reproducible. That's one of the scary parts.

Given that the UUID changed, you almost certainly made a new LUKS container, overwriting the old one. That's bad, because the LUKS header is the only source of the actual encryption key that was used, and making a new one will overwrite both the main header as well as its backup copy immediately. Your password/keyfile/whatever is merely used to decrypt the part of the header that has the actual encryption key, and that's gone in that case.

Unless you have access to a header backup from before that, there's a fairly strong chance it's irrecoverable. I'd suggest going through any archives you might have to see if you have such a backup - most of the instructions on the Gentoo wiki encourage making one, so you might have made one through the power of copying & pasting instructions. Should be a file of around 16MB.

You haven't been able to give them nothing for over 2 years now. For this particular bundle, the minimum split for Humble is 30% and the default split is an insane 45% to Humble, 50% to the company and 5% to charity.

Humble is unfortunately still coursing by on their old reputation of being charity-friendly, but they changed to be one of the worst players around years ago. That goodwill from back then has really been depleted.

It's not what the buttons look like, it's what they do. In Krita, making an ellipse involves clicking the ellipse button and dragging it somewhere. You now have an ellipse, and you hold shift if you want to make it a circle instead.

In GIMP there is no direct ellipse tool, there's only an ellipse select tool, likewise you hold shift to make it a circle. Then you use a menu item to select the border of your selection, getting a popup to let you determine how much pixels you want. And then, you use the fill tool or fill menu item to fill it. That's a surprising amount of clicks to accomplish what's most likely the single most common task for anyone opening a screenshot in an image editor. I'm not aware of any easier/faster method to do it. Feels like it should exist, but this is also what you get if you search for how to draw a circle in GIMP, so if it exists everyone's missing it.

GIMP's method gives you more power, but you rarely ever need that power. But when you do, Krita also has ellipse select, border select and various fill tools that can be strung together in the same way.

DP is very much not free. VESA themselves is happy to tell you that DisplayPort is excluded from their list of free standards, and the leaked copies of old standards are stamped with a "distribution to non-members is prohibited" notice on every page.

I'm not sure where that misconception came from, but it really needs to stop at some point. The best thing to say about VESA is they're slightly less bad than the HDMI Forum. But only by so little.

Unfortunately, it's definitively an instance of intentional design. This whole consent dialog thing became a booming "consent management platform" industry. Many of them advertise better acceptance rates than the competition, or used to but have removed those claims in more recent times now that the big GDPR boom is over.

This particular dialog is TrustArc, who are infamous. At one point they defended it with a "well, we gotta retry if it fails to make sure your preference is expected, and we can't know if your adblocker is causing it to fail or if it's just a fluke", which is one of those things where they say something that's not totally wrong but you know they're lying through their teeth.

"I haven't even done anything in 6 months" is a really funny statement to make as mod. Apparently they never considered just... not being a mod for a place they don't care about?

Reproducible builds generally work from the published source tarballs, as those tend to be easier to mirror and archive than a Git repository is. The GPG-signed source tarball includes all of the code to build the exploit.

The Git repository does not include the code to build the backdoor (though it does include the actual backdoor itself, the binary "test file", it's simply disused).

Verifying that the tarball and Git repository match would be neat, but is not a focus of any existing reproducible build project that I know of. It probably should be, but quite a number of projects have legitimate differences in their tarballs, often pre-compiling things like autotools-based configure scripts and man pages so that you can have a relaxed ./configure && make && make install build without having to hunt down all of the necessary generators.

No, I most definitively hate Jira (and also my manager). Jira is the only software I've had to use where 10+ second page load times are a regular everyday occurrence. On their cloud hosting, so it's not like we could do anything to fix it other than filing tickets... which we were told to simultaneously keep doing so they can track it but also stop doing because it's working as intended and we were wasting their time and abusing support.

JQL is absolute garbage, and it doesn't even take hindsight; they took SQL but in an attempt to simplify it, they broke everything about it. Whether any particular functionality is a field or a function to run on some other field is a mystery. And if you're using Jira Service Management, it gets infinitely worse; everything is bolted on in a terrible way.

Every interaction between their "Kanban board" and "ticket" system is confusing. They pull from the same database, except not quite, except they do. It's a representation of data, but not the same representation the data is in. If you have any kind of custom workflow setup at all - which the blog both criticizes as bad and uses as a reason to explain why Jira is the only good option (????) - it will simply never do the right thing unless they map 1 to 1.

There are all kinds of perpetually missing features. Multiple assignees are a big one, there is simply no correct way to represent "John and Bob will spend some time together brainstorming about a new architecture" or simple things like pair programming, despite that being a fairly significant task that should somehow be accounted for in planning. You can half-ass it with custom fields or sub-tasks, but then the entire ecosystem of tooling built on the assignee field crumbles.

Likewise, you can't assign issues to a "virtual" position of any kind, all you can do is leave them unassigned or make (and pay license costs for) a fake user. It's not possible to represent concepts like "the first available person from the Ops team" or "whoever is currently managing the security team" unless you make it into a status and leave it unassigned, which causes a massive amount of issues when multiple teams led by different managers are working on one project or someone is temporarily or permanently unavailable for whatever reason (vacation/sick/etc). Planning software that cannot deal with people being unavailable is worthless.

Permissions are a complete mess. There's all kinds of funny interactions between admin and project permissions, and some things are in what could have obviously never been the correct spot. How it ended up with project releases being an administrative permission speaks volumes about how poorly everything is designed. Happy tenth anniversary to the cloud ticket, the original server one has another decade on it. Twenty YEARS of the most basic feature imaginable not existing when the initial implementation was patently incorrect to begin with.

It was made as result of an EU settlement that only lasted about 5 years. https://en.wikipedia.org/wiki/BrowserChoice.eu

I have absolutely no idea why they figured 5 years would be good enough.

Ah, preemptively justifying a repeat of the last time they fucked with the media.

Yum, smells like microwaved 'microwave-safe' plastic!

The current advisory is in webm (VP8 specifically). The webp one was 2 weeks ago. ...yeah, not a good time for web browsers lately...

(edit: noticed OP actually did link the webp one, I thought it'd be CVE-2023-5217 because that's being linked elsewhere)

View -> User Interface, change to Tabbed or Tabbed Compact (or Notebookbar in old versions).

Already been done, there's a data dump of every MM1 course on archive.org. The dump is dated but it came after level uploads for MM1 were shut down so it should be about as complete as it gets, minus courses deleted by Nintendo before that.

Actually playing anything seems to be quite complex but there's some instructions in the reviews, so it should be doable for someone to set up a replacement server in the future (Pretendo network already has the basics for custom Wii U online running).

The KeePassXC people are also volunteers and dealing with the fallout of this decision.