homebrew-core
matrix-react-sdk
Our great sponsors
homebrew-core | matrix-react-sdk | |
---|---|---|
132 | 11 | |
13,184 | 1,069 | |
0.8% | 1.1% | |
10.0 | 9.9 | |
4 days ago | 5 days ago | |
Ruby | TypeScript | |
BSD 2-clause "Simplified" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
homebrew-core
-
GitHub Disabled the Xz Repo
Is disabling the compromised repo the typical GitHub policy? My concern is there are monorepos used by package managers, like brew, that are a collection of thousands of projects [1]. These monorepos seem like a prime target for attack and if GitHub disables one because a malicious commit was merged then you've taken down an entire ecosystem.
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
> Correct. Though we do not appear to be affected, this revert was done out of an abundance of caution.
-
Pyenv – lets you easily switch between multiple versions of Python
> right, but now you know even less about your setup when you some roadblock
This is the same with a binary though. And with homebrew, you can't follow patches or flags used or if they change.
- https://github.com/Homebrew/homebrew-core/blob/c964ad7fa53ad...
- Apple curl security incident 12604
-
Cowsay
definitely be careful about using fortune in a corporate environment or public space if you don't know what dat files you are using or you might just get an extremely unwelcome surprise.
I was practicing a presentation and used to use "fortune" all the time. I forget exactly what it output but I remember being absolutely mortified about what could have happened if that had popped up during an internal company tech talk.
Kudos to brew for keeping unsuspecting people safe
https://github.com/Homebrew/homebrew-core/commit/3fb3c4c3e55...
-
Ask HN: Trouble with a Stargate
I'm sorry to be asking this as I find it a bit silly, but it's blocking my PR [3], so could a few of you star the project on Github [1] to get my PR to run?
[1] https://github.com/laktak/chkbit-py
[2] https://brew.sh
[3] https://github.com/Homebrew/homebrew-core/pull/160018
- Simulate an Ubuntu-like VM inside macOS
- When open source platforms are worse than closed source
- Homebrew Rejects the Idea for Post-Install Notes
- Homebrew team's developer harassment. They won't remove my software?
matrix-react-sdk
-
Why is this change being pushed despite overwhelmingly negative feedback?
There's already an (old pull request)[https://github.com/matrix-org/matrix-react-sdk/pull/9240] out for custom emotes for the element client but is blocked by acceptance of spec and other minor issues with code style.
- Client that allows changing online status?
-
Practically-Exploitable Cryptographic Vulnerabilities in Matrix
You are completely misinterpreting my quote, which makes me question whether you are acting in good faith.
Totally agreed that Signal servers cannot just add a device to a group chat.
What I saying was: in any system, you have to verify users for security in general. Having verified users in Matrix, you then get a massive red warning if an unverified device is added to their accounts. Given we have cross-signing (i.e. users are heavily encouraged to verify their own devices when they log in), you can be sure that such unverified devices are malicious and take appropriate action.
The obvious thing we could do is to go one step further (as we used to, until we backed it out in https://github.com/matrix-org/matrix-react-sdk/pull/3837) and stop messages from flowing until the unverified device has been dealt with. Even better would be to make group membership controlled by the clients, so the server can't add devices at all. And we're working on this, as part of shifting the implementations over to the audited matrix-rust-sdk-crypto implementation to avoid having to solve the problem in quadruplicate.
> I would challenge you to get one reputable cryptographer to back what you’re claiming about these vulnerabilities and your proposed fixes.
Hopefully someone will pop up here and confirm that I'm not talking shit :) Failing that, you'll have to wait for the next Least Authority audit - we have another independent public audit queued once this wave of work finishes to address the "To me Matrix isn't secure" polemicists. You can see the previous one (on the crypto layer, rather than the group membership layer) at https://matrix.org/blog/2022/05/16/independent-public-audit-... fwiw.
-
Matrix: Third Room Tech Preview
1. We are about to replace the composer in Element with a sparkly new (optional) wysiwyg editor in the coming weeks: https://github.com/matrix-org/matrix-wysiwyg
2. totally agreed. we are completely reworking the crypto UX; there’s already https://github.com/matrix-org/matrix-react-sdk/pull/8228 asa proof of concept of what’s to come.
3. glad you like Cinny - it’s written by ajbura, whose dayjob is at Element and built the UI for Third Room. Element is not “the official app” - it’s just the one that happens to be written by folks from the Matrix core team. If you prefer Cinny, knock yourself out. Meanwhile we’re frantically improving Element too.
-
Mistakes to Avoid Before Submitting Your Pull Request
Unlike any open source projects to which I've contributed, this project involves 2 other repos, matrix-react-sdk and matrix-js-sdk. As explained in the Development guide in the element-web repo, I need those 2 SDKs in order to build Element successfully for code contribution.
-
Revolt: Open-source alternative to Discord written in Rust
> Also, you can do toggle mute via hotkey (which we have a draft for at https://github.com/matrix-org/matrix-react-sdk/pull/2280), but this is surely a bonus feature.
Proper Push-To-Talk with global hotkey is one of those features that doesn't seem important but when you need it (organizing Raids in games, big meetings, etc) it makes a world of difference. That and lack of click to join voice rooms is definitely making it harder to move gaming groups over.
-
Alternatives to discord for chatting and streaming
Encryption is now enabled by default for 1:1 chats. There's an MR for adding GIF support but looks like they are not interested in it.
- Can' figure out how to run this open-source code
-
One keyboard bug three decades in the making
This is a really common failure mode - people forget to explicitly assert that the other modifiers are off when checking for a modifier being on. I had to go through and fix all the ones in matrix-react-sdk (element web) a few years ago: https://github.com/matrix-org/matrix-react-sdk/pull/825/file...
-
Hey Electronjs I Built Meetinone A Mac App For
Exposing the desktopCapturer to the render process and then using it inside the web app
What are some alternatives?
yt-dlp - A feature-rich command-line audio/video downloader
matrix-js-sdk - Matrix Client-Server SDK for JavaScript
asdf-python - Python plugin for the asdf version manager
awesome-revolt - Collection of Revolt libraries, bots, clients and other cool stuff.
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
Mastodon - Your self-hosted, globally interconnected microblogging community
homebrew-php - :beer: Homebrew tap for PHP 5.6 to 8.4. PHP 8.4 is built nightly.
backend - Monorepo for Revolt backend services.
osxfuse - FUSE extends macOS by adding support for user space file systems
documentation - Revolt documentation website.
homebrew-cask-versions - 🔢 Alternate versions of Casks
mjolnir - A moderation tool for Matrix