• 0 Posts
  • 85 Comments
Joined 1 year ago
Cake day: July 24th, 2023

  • Perfect example of a (part of a) security vulnerability being fixed in a commit that doesn’t immediately seem security related and would never be backported to a stable (stale) distro.

    The code which parses the binary MaxMind database after decompression is well guarded as of 2024 but used to look different, potentially providing more attack surface. There is also an interesting commit where a contributor makes adjustments to the gzip::decompress() function which hints at a stack overflow, as the destination buffer was changed from static allocation on the stack to dynamic allocation on the heap, though it was not exploitable due to checks before the buffer is written to.

  • It’s unfortunate that the other users are ignoring your actual question… You should still be able to bind qbittorrent to the WireGuard interface, and you definitely MUST do so in order to make sure you’re safe (if the VPN drops, you don’t want it to fall back on your normal connection). If you aren’t sure what the WireGuard interface is named, try running ip a before and after activating the VPN connection and compare them.

    Port forwarding allows other users to connect directly to your torrent client. Without it, it’s much more difficult for you to connect to other people who aren’t port forwarded (though not impossible if there’s a third, mutually connected client who can facilitate initiating the connection). Things will generally still work without it, but you’ll connect to fewer people, so it might be slower. And if you’re downloading rare torrents, you might have to be patient and wait for someone else to join and facilitate the connection.
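The two checks the comment above recommends, as an added shell example (not part of the original comment or of qBittorrent): first, diff `ip -o link` snapshots taken before and after bringing the tunnel up to learn the interface name; second, parse `ss -tlnp` output and report any qBittorrent listening socket that is not bound to the tunnel address, which is the case you want to catch so a dropped VPN cannot leak traffic over the normal connection. The snapshots, the interface names (enp3s0, wg0), the tunnel address 10.2.0.2 and the pid are constructed sample data.

```shell
#!/bin/sh
# Added example, not taken from the original comment or from qBittorrent.
# 1) new_ifaces: which interface appeared after the VPN came up
#    (diff of two `ip -o link` snapshots).
# 2) qbt_unbound_listeners: qBittorrent listeners not bound to the VPN address
#    (parsed from `ss -tlnp` output).
# All sample outputs, names (enp3s0, wg0), 10.2.0.2 and pids are constructed.

# iface_names: read `ip -o link` output on stdin, print sorted interface names.
iface_names() {
    # each line looks like "2: enp3s0: <BROADCAST,...> mtu 1500 ..."; keep
    # field 2 and strip a "@parent" suffix such as "eth0.10@eth0"
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }' | sort -u
}

# new_ifaces BEFORE AFTER: names present only in the AFTER snapshot.
new_ifaces() {
    comm -13 "$1" "$2"
}

# qbt_unbound_listeners ADDR: read `ss -tlnp` output on stdin and print every
# qBittorrent listening socket whose local address is not ADDR.
qbt_unbound_listeners() {
    awk -v want="$1" '/qbittorrent/ {
        addr = $4; sub(/:[0-9]+$/, "", addr)   # drop the ":port" suffix
        if (addr != want) print $4
    }'
}

# Real use:   ip -o link > before; wg-quick up wg0; ip -o link > after
#             new_ifaces before after;  ss -tlnp | qbt_unbound_listeners 10.2.0.2
# Below, the same functions run on constructed snapshots.

# demo_new_iface: prints the interface that appeared after the VPN came up.
demo_new_iface() {
    before=$(mktemp); after=$(mktemp)
    iface_names > "$before" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
EOF
    iface_names > "$after" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
EOF
    new_ifaces "$before" "$after"
    rm -f "$before" "$after"
}

# demo_unbound: a client still listening on 0.0.0.0 (all addresses) is reported;
# the unrelated cupsd socket is ignored.
demo_unbound() {
    qbt_unbound_listeners 10.2.0.2 <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:6881       0.0.0.0:*         users:(("qbittorrent-nox",pid=1234,fd=20))
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=800,fd=7))
EOF
}

demo_new_iface
demo_unbound
```

An empty result from qbt_unbound_listeners means every qBittorrent listener is on the tunnel address; anything it prints is a socket that will keep working on the normal connection when the tunnel goes down.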

  • Facebook may be evil but I don’t think they’re anywhere near “inject malware into global supply chains to push adoption of a public engineering side project that they don’t directly profit from and most executives don’t care about” level of evil. Is it possible? Sure, anything is possible, but that is wildly beyond many many more plausible explanations and there’s zero evidence leading us down this path. And why would they go through the trouble of backdooring zstd, which has a highly observed codebase, when they just successfully backdoored lzma because it didn’t have a lot of maintainers?

    While it’s true that zstd is commonly favored for having “good” compression at blazingly fast speeds, which is useful on the web and on servers, Zstd’s max compression setting (zstd --long -19) is actually within about 5% of LZMA’s but faster, so it replaces most use cases of LZMA except when that extra 5% (and that’s not even constant; some inputs are even better on zstd) really does matter at any speed cost.

  • The first 3 seem incredibly far-fetched.

    • What exactly does Facebook gain from more people using zstd, other than more contributions and improvement to zstd and the ecosystem (i.e. the reason corporations are willing to open source stuff)?
    • Why do you consider lzma to be loved among pirates and hackers and zstd not to be, when zstd is incredibly popular and well-loved in the FOSS community and compresses about as well as lzma?
    • Every person in the world uses both lzma and zstd extensively, even if indirectly without them realizing it.

    I think it’s likely that, of all the mainstream compression formats, lzma was the least audited (after all, it was being maintained by one overworked person). Zstd has lots of eyes on it from Google and Facebook, all of the most talented experts in the world on data compression contributing to it, and lots of contributors. Zlib has lots of forks and overall probably more attention than lzma. Bz2 is rarely used anymore. So that leaves lzma.