PowerShell-OpenAuthenticode
Cross platform PowerShell implementation of Authenticode signing and verification
Lack of open governance explains the fork in 2002. [0] The GitHub commit history shows it's still a largely one-person-band. [1] The problems with this include a lack of succession planning, a lack of ability to scale bandwidth, and a narrower pool of ideas. The documentation website is really out-of-date as it mentions using a Borland compiler.
Alternatives to IM:
- https://www.libvips.org
- http://www.graphicsmagick.org (IM fork)
0. https://marc.info/?l=imagemagick-developer&m=104777007831767...
1. https://github.com/ImageMagick/ImageMagick
Just throwing in that the dollar value isn't the only cost. I've been using an automated release workflow to manage signing, e.g.
https://github.com/technion/rustypwneddownloader/blob/main/....
This workflow isn't usable with these new rules, and I'm having a hard time with the assertion that moving builds to my desktop to use a hardware signing key and uploading them in a non-automated, non-transparent fashion is an improvement on security.
A certificate that says "this installer really did come from the owner of exampleapp.com" is better than users just trusting whatever random file came up in a Google search.
And meanwhile, in Linux land, people will install things by piping curl into bash[0][1], so the bar is just not that high. And the ultimate answer to security will come from better app sandboxing, not from charging every native-app developer in the world $700/year for a code signing certificate.
[0] https://docs.chef.io/chef_install_script/
[1] https://github.com/zyedidia/micro#quick-install-script
I’ve found the easiest option available here is through using Azure KeyVault to store the keys. I use a custom module to sign my PowerShell scripts and DLLs [1] for this because I can integrate it with OIDC to sign the code using the keys stored in the Azure HSM. While the built-in pwsh Set-Authenticode cmdlet can’t do this currently, there are other options that rely on Windows’ Authenticode APIs like AzureSignTool [2] that I highly recommend.
While I’m unsure if Azure is suitable for actual companies I think the risk is ok for what I need it for and the API quality as well as OIDC support make it quite nice to use with GHA.
[1] https://github.com/jborean93/PowerShell-OpenAuthenticode
[2] https://github.com/vcsjones/AzureSignTool
My desktop text editor, KeenWrite, uses Wine, rcedit-x64.exe, osslsigncode, and a shell script. First, rcedit-x64.exe tags the binary with identifying information:
https://gitlab.com/DaveJarvis/KeenWrite/-/blob/main/installe...
Then osslsigncode applies the certificate:
https://gitlab.com/DaveJarvis/KeenWrite/-/blob/main/scripts/...
Echoing what Rodeoclash wrote: Having to pay to play on Windows for an open-source project that makes $0 is a decline of ownership over our own machines.
We're off topic here, but in pyvips (for example) you can do text overlays like this:
https://github.com/libvips/pyvips/blob/master/examples/annot...
tldr: make an image containing your text, composite it over the image you want to annotate.