Our great sponsors
-
electron-builder
A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
omapsapp
🍃 Organic Maps is a free Android & iOS offline maps app for travelers, tourists, hikers, and cyclists. It uses crowd-sourced OpenStreetMap data and is developed with love by MapsWithMe (MapsMe) founders and our community. No ads, no tracking, no data collection, no crapware. Please donate to support the development!
-
slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
MacOS pulled it for me
Replaced it with NightFall
https://github.com/r-thomson/Nightfall
> The ‘autoupdater’ does three things,
>
> - check the app for updates (using Sparkle)
> - report any crashes (using Sentry)
> - start a local HTTP proxy on port 40701 (this can be changed using the configuration json file in the app bundle).
>
> The latter is of course, not to be expected of any app on the machine, especially not one that just claims to be an auto updater.
Well, yes. And no.
For example, electron-builder [^0], a popular framework used for Electron app packaging and auto-updates, uses a local update server on Mac [^1] to add a more sane system backed by a more insane system, Squirrel.
[^0]: https://github.com/electron-userland/electron-builder
[^1]: https://github.com/electron-userland/electron-builder/blob/m...
OrganicMaps is a FOSS fork of maps.me I believe.
I've been using it and it is great.
https://github.com/organicmaps/organicmaps
Disabling UPnP makes your system more secure, but unless you also disable all NAT ALGs in your router, you're still exposed to its dangers.
I don't think most routers have a setting for that, so if infected devices are part of your security model, it would be wise to assume NAT is entirely non-functional because of [NAT slipstream attacks](https://samy.pl/slipstream/). An infected device can modify the router's NAT table to effectively act like UPnP, except they don't provide a user interface for you to audit.
If you're NAT free (i.e. only use IPv6) disabling UPnP can be a decent security measure if you're willing to manually do all of your firewall exclusions, but honestly host firewalls are the only reliable protection method for most people these days.
As a maintainer of a semi-popular chrome extension[1], I receive so many buy-out offers that I started publicly collecting them[2] for everyone to see.
[1] https://chrome.google.com/webstore/detail/hover-zoom%20/pccc...
[2] https://github.com/extesy/hoverzoom/discussions/670