the info line contains the answer:

Info: applications using this runtime: io.github.Hexchat

You need to remove Hexchat if you want to remove the end-of-life runtimes it requires.

I regret to inform you that the maintainer wrote in February 2024: This will be the last release I make of HexChat. The project has largely been unmaintained for years now and nobody else stepped up to do that work.

My computer uses both system and user remotes.

Because my .var directory is almost full, […]

If you’re low on disk space you probably want to have everything installed as either user or system, to avoid having some runtimes installed in both.

Here is the paper: Dutch courage? Effects of acute alcohol consumption on self-ratings and observer ratings of foreign language skills (sci-hub pdf link).

It was published in 2017 but only won the Ig Nobel prize this year.

Thanks for pointing this out. Looking closer I see that that “journal” was definitely not something I want to be sending traffic to, for a whole bunch of reasons - besides anti-vax they’re also anti-trans, and they’re gold bugs… and they’re asking tough questions like “do viruses exist” 🤡

I edited the post to link to MIT instead, and added a note in the post body explaining why.

paywall bypass: https://archive.is/mdi9x

It is now official. Netcraft has confirmed: Distrowatch is dying.

One more crippling bombshell hit the already beleaguered Distrowatch community […]

There are several ways to; afaik waypipe is the best one.

you can still use OpenRC instead if you want, and sxmo will continue to do so by default.

you can read here about why they added systemd.

I’m planning on revitalizing and bringing this old Itautec to the 21st century

I think it was born in the 21st century? From this it looks like the first Celeron M was in 2004, and the first at that clockspeed was 2005.

Also, 2GB of RAM is plenty for many purposes - that’s more than any Raspberry Pi before the Pi 4 had!

At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.

I used to use it long ago, and was pretty happy with it.

sure. first, configure sudo to be passwordless, or perhaps just to stay unlocked for longer (it’s easy to find instructions for how to do that).

then, put this in your ~/.bashrc:

alias sudo='echo -n "are you sure? "; for i in $(seq 5); do echo -n "$((6 - $i)) "; sleep 1; done && echo && /usr/bin/sudo '

Now “sudo” will give you a 5 second countdown (during which you can hit ctrl-c if you change your mind) before running whatever command you ask it to.

Nice post, but your title is misleading: the blog post is actually titled “Supply Chain Attacks on Linux distributions - Overview” - the word “attacks” as used here is a synonym for “vulnerabilities”. It is not completely clear from their title if this is going to be a post about vulnerabilities being discovered, or about them actually being exploited maliciously, but the latter is at least not strongly implied.

This lemmy post however is titled (currently, hopefully OP will retitle it after this comment) “Supply Chain Attack found in Fedora’s Pagure and openSUSE’s Open Build Service”. edit: @OP thanks for changing the title!

Adding the word “found” (and making “Attack” singular) changes the meaning: this title strongly implies that a malicious party has actually been detected performing a supply chain attack for real - which is not what this post is saying at all. (It does actually discuss some previous real-world attacks first, but it is not about finding those; the new findings in this post are vulnerabilities which were never attacked for real.)

I recommend using the original post title (minus its “Overview” suffix) or keeping your more verbose title but changing the word “Attack” to “Vulnerabilities” to make it clearer.

TLDR: These security researchers went looking for supply chain vulnerabilities, and found several bugs in two different systems. After responsibly disclosing them, they did these (very nice and accessible, btw - i recommend reading them) writeups about two of the bugs. The two they wrote up are similar in that they both involve going from being able to inject command line arguments, to being able to write to a file, to being able to execute arbitrary code (in a context which would allow attackers to perform supply chain attacks on any software distributed via the targeted infrastructure).

as i said, it “is about to be released”.

or, one could also say that the the 3.0.0 source code has been released, but the official binaries haven’t been yet :)

edit: i see https://flathub.org/apps/org.gimp.GIMP has 3.0.0 now, and from https://testing.gimp.org/downloads/ i see that https://download.gimp.org/gimp/v3.0/linux/GIMP-3.0.0-x86_64.AppImage is also there. presumably https://www.gimp.org/downloads/ will be updated very soon.

Could anybody in short explain, what I have to understand from “it’s tagged”?

Git is the most popular version control system, which lets developers track changes to software source code. A “tag” applies a name (or version number) to a specific point in the history.

The commit shows that there was a longer with 3.0.0 tag before and now its just 3.0.0

The link goes to a commit which is tagged GIMP_3_0_0, and shows the change made in this commit. This commit happens to change the version line in a file called meson.build - this file configures Meson, which is used to build GIMP. The version is being changed from 3.0.0-RC3+git to 3.0.0. The string “RC3” in the previous version number is short for “release candidate 3”, and “git” here means that there were additional changes since “release candidate 3” was released.

What does that tell us? :D

So far the news and downloads pages still haven’t been updated, but the version being changed to 3.0.0 and this commit being tagged tells us that GIMP 3.0.0 is about to be released: official binaries and an announcement about it can be expected to appear very soon.

The tag means no more changes will be included in 3.0.0; if some show-stopping bug were discovered now, the version number would be incremented to 3.0.1 rather than to include a fix in 3.0.0. (Technically, a tag can be updated/replaced, but by convention it is not.)

I remember years ago reading about how the GEGL backend would one day enable some “non-destructive editing” features; I just decided to figure out how that works and I see it was sort-of implemented a long time ago but in 3.0 the UI is much better: many things under the Filter menu now have a Merge filter checkbox in their dialog. When that box is unchecked, then applying the filter will make it a (non-destructive!) layer effect and an fx icon will appear for the layer (in the dockable layers dialog, which you can reach with ctrl-L if it isn’t visible). You can apply any number of layer effects, and when you click the fx icon you can reorder them or modify their settings. Very cool!

Another tip (not new to 3.0): you can type / to open the Search actions window, which lets you quickly find various functionality without needing to dig through menus to figure out where something is :)

If you want to try a 3.0 release candidate before it is released, it’s easy to install it from the flathub-beta repo as described here. (That page is embarrassingly out of date and says “The current development release of GIMP is 2.99.6 (2021-04-26)” but if you follow the instructions there you’ll currently get version 3.0.0~rc3 which is the latest release candidate from earlier this month.)

I’m confused as to why this 404media story neglected to link to the post in question.

to get from this article to the post that it is about, i had to type in the bsky username from the screenshot and scroll through the timeline. to save others the effort:

https://bsky.app/profile/marisakabas.bsky.social/post/3liwlwvvq6k2s is the post which was removed.

https://bsky.app/profile/marisakabas.bsky.social/post/3lj3yrzc6is2p is the thread about it being removed and later restored.

weird, i wonder why. i just checked on an ubuntu 24.04 system to confirm it is there (and it is).

i guess your computer’s power button might not be supported (out of the box, at least) by Linux’s acpi implementation :(

big oof.

We can conclude: that photo isn’t AI-generated. You can’t get an AI system to generate photos of an existing location; it’s just not possible given the current state of the art.

the author of this substack is woefully misinformed about the state of technology 🤦

it has, in fact, been possible for several years already for anyone to quickly generate convincing images (not to mention videos) of fictional scenes in real locations with very little effort.

The photograph—which appeared on the Associated Press feed, I think—was simply taken from a higher vantage point.

Wow, it keeps getting worse. They’re going full CSI on this photo, drawing a circle around a building on google street view where they think the photographer might have been, but they aren’t even going to bother to try to confirm their vague memory of having seen AP publishing it? wtf?

Fwiw, I also thought the image looked a little neural network-y (something about the slightly less-straight-than-they-used-to-be lines of some of the vehicles) so i spent a few seconds doing a reverse image search and found this snopes page from which i am convinced that that particular pileup of cars really did happen as it was also photographed by multiple other people.