mmebane (u/mmebane) - Readit News

mmebane commented on 7-Zip 25.00 github.com/ip7z/7zip/rele... · Posted by u/pentagrama

Dwedit · 6 months ago

7-Zip 15.05 is still useful today, because it was the last version to include built-in support for decompiling NSIS installer scripts. The feature was removed due to security concerns.

mmebane · 6 months ago

I've not personally used it, but there's a fork that adds NSIS decompilation back in: https://github.com/myfreeer/7z-build-nsis

mmebane commented on Ruby: A great language for shell scripts lucasoshiro.github.io/pos... · Posted by u/lucasoshiro

MikeTheGreat · 2 years ago

> I often find non-trivial CLI tools written in Python cumbersome because of the dependency wrangling necessary.

I'm thinking of trying out Mojo in large part because they say they're aiming for Python compatibility, and they produce single-file executables.

Previous to that I was using PyInstaller but it was always a little fragile (I had to run the build script a couple of times before it would successfully complete).

Currently I'm using pipx and Poetry, which seems pretty good (100% success rate on builds, and when my 5-line build script fails it's because of an actual error on my part).

Which is a round-about way of asking everyone:

Does anyone have any other good way(s) to build single-file executables with Python?

mmebane · 2 years ago

You could try Nuitka [1], but I don't have enough experience with it to say if it's any less brittle than PyInstaller.

[1]: https://nuitka.net/

mmebane commented on Recall: Stealing everything you've ever typed or viewed on your own Windows PC doublepulsar.com/recall-s... · Posted by u/todsacerdoti

kmlx · 2 years ago

> However. This is the holy grail of computer usage

i’ve seen this often and i’m trying to understand the issue. i have never wanted to go back in history or have a comprehensive history of all my actions. the only exception is the terminal and for that ctrl+r/history is more than enough. i learn, apply and move on.

what’s the use case for this recall thing?

mmebane · 2 years ago

As someone with ADHD, being able to have an assistant with perfect memory that I can ask extremely vague questions to about things I'm pretty sure I did some time between last week and 5 years ago sounds amazing. I'm skeptical Recall will actually be able to do that. I doubt its usefulness outweighs the legal and social concerns. But I can absolutely see the use.

mmebane commented on Thorium: Cross-platform patched Chromium fork github.com/Alex313031/tho... · Posted by u/nateb2022

Retr0id · 2 years ago

Chromium likely has plenty of "dormant" bugs - bugs that exist in the source code, but consistently compile to safe (or unreachable) machine code, more or less due to good luck.

This project messes with optimisation flags, which have a good chance of "waking up" those bugs (If you've ever had code work at -O1 but not at -O3, you know what I'm talking about). The same goes for compiler bugs, too. The real Chromium is aggressively fuzz tested, but this project is almost certainly not, or at least, not to the same extent.

Turning on features like JPEG-XL also increases attack surface.

mmebane · 2 years ago

It also usually only gets one release per upstream major version (and sometimes not even that), meaning a lot of Chromium security fixes can take several weeks to show up in a Thorium release. I appreciate the author's effort, but it's definitely riskier than normal Chrome/Chromium.

mmebane commented on Yuzu emulator developers settle Nintendo lawsuit, pay $2.4M in damages twitter.com/oatmealdome/s... · Posted by u/ndiddy

isoprophlex · 2 years ago

Seems to be up still...

Edit: he's dead, Jim

mmebane · 2 years ago

They started deleting repos a couple of minutes ago. I checked a lot of links and they were in the Internet Archive. I'm sure there are plenty of forks of the main repo.

mmebane commented on SQLite 3.45 released with JSONB support sqlite.org/changes.html#v... · Posted by u/genericlemon24

simonw · 2 years ago

If anyone wants to try this out on macOS here's the fastest way I've found to try a new SQLite version there: https://til.simonwillison.net/sqlite/sqlite-version-macos-py...

Short version:

    cd /tmp
    wget 'https://www.sqlite.org/2024/sqlite-amalgamation-3450000.zip'
    unzip sqlite-amalgamation-3450000.zip
    cd sqlite-amalgamation-3450000
    gcc -dynamiclib sqlite3.c -o libsqlite3.0.dylib -lm -lpthread
    DYLD_LIBRARY_PATH=$PWD python3 -c "import sqlite3; print(sqlite3.sqlite_version)"

That prints "3.45.0" for me.

If you have https://datasette.io/ installed you can then get a web UI for trying it out by running:

    DYLD_LIBRARY_PATH=$PWD datasette

mmebane · 2 years ago

FWIW, this works for me with Python 3.12 from Homebrew, but not Python 3.12 from python.org. _sqlite3.cpython-312-darwin.so in Homebrew's Python appears to dynamically link /opt/homebrew/opt/sqlite/lib/libsqlite3.0.dylib, but the version in python.org's Python statically links the sqlite3 library.

EDIT: Python 3.9.6 from Xcode doesn't work either. It has _sqlite3.cpython-39-darwin.so which dynamically links /usr/lib/libsqlite3.dylib, but that dylib doesn't exist on my system, and I don't know enough about macOS internals to tell where it's coming from. The _sqlite3 so doesn't seem big enough to have it statically linked.

EDIT2: Xcode's Python works when launching via the real path instead of using the /usr/bin/python3 alias, I assume because /usr/bin is SIP-protected or something.

mmebane commented on Japan to crack down on Apple and Google app store monopolies asia.nikkei.com/Business/... · Posted by u/mfiguiere

Jensson · 2 years ago

Games are the main appstore revenue driver, and I don't think that game ports have much to do with iOs standards. It isn't like Fortnite or Genshin Impact on iPhone is significantly different than on Android.

mmebane · 2 years ago

Genshin Impact is (potentially) an interesting case - the iOS version has supported game controllers for almost 3 years now, but there's been no hint of support coming for Android. There's definitely some suspicion in the Genshin community that Apple has an understanding or agreement with Hoyoverse to keep iOS the premier mobile platform.

mmebane commented on Advent of Code 2023 is nigh adventofcode.com/2023/... · Posted by u/i13e

kif · 2 years ago

I don't know if I'll even bother this year. Their puzzles start feeling like chores by the 10th problem or so and I drop out. Maybe I'll learn a new language to spice it up this year.

mmebane · 2 years ago

I tried AoC for the first time last year, and that was pretty much my experience. A week or so of easy problems, then 1 or 2 that were still pretty straightforward but a bit more tedious, then 1 that was a lot more work because you were supposed to derive some of the rules from the example. I don't think it would've been too hard, but like you said, it was starting to feel like a chore at that point, so I stopped.

mmebane commented on What's New in Python 3.12 docs.python.org/3/whatsne... · Posted by u/alexfromapex

reallymental · 2 years ago

I've been using python for the past 10+ years, and I've got to say that the new Syntactic formalization of f-strings (PEP 701) has got to be one of the most "huh?" changes I've seen in a while.

Was this such a big problem?

In my experience, the GIL, faster start-up times are so much higher on the totem pole, why this now?

mmebane · 2 years ago

It's a nice quality of life improvement. Most other languages I've used with some form of string interpolation allow quotes in nested expressions to be the same as the quotes on the top-level string, and this has IMO been a weird wart in Python. I'm happy to see it fixed.

mmebane commented on Anti-Anti-Adblocker uBlock filter to get rid of the annoying YouTube message twitter.com/endermanch/st... · Posted by u/the_bookmaker

gruez · 2 years ago

>AFAIK at this point most of the "ripping" of decryption keys/etc for streaming content happens not by attacking the TPM, but by using android devices that are allowed to skate with reduced security modes, and just having a giant stack of them so when one device gets banned they throw it away and move onto the next.

Without a TEE (eg. trustzone), you're not going to get anything above 540p, at least with widevine. Note TEE is baked into the SoC itself, so while it's not impossible to find a bug, it's much harder than finding a exploit in android or system apps.

mmebane · 2 years ago

I unfortunately can't find references at the moment, but I've heard that some/most of this is done with nVidia Shield TV boxes which have the same Tegra X1 security flaws used to exploit the early Nintendo Switches.