Readit News
ronjouch commented on Calibre 8.0   calibre-ebook.com/whats-n... · Posted by u/thawawaycold
xd1936 · 5 months ago
Is the author still weird about maintaining his own dependencies[1]? I haven't used this program in a while.

1. https://redd.it/9wodtq

ronjouch · 5 months ago
This specific point about maintaining his own version of python2 to not move to python3 was addressed by Calibre contributors who did the job (that author didn't want to do) of migrating to python3.
ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
jrockway · 5 months ago
You can trust (in time), but you can't blindly upgrade. Vendor or choose to "lock" with a cryptographic hash over the files your build depends on. You then need to rebuild that trust when you upgrade (wait until everyone else does; read the diffs yourself).

There is something to be said for the Go proverb "a little copying is better than a little dependency", as well. If you want a simple function from a complicated library, you can probably copy it into your own codebase.

ronjouch · 5 months ago
> the Go proverb "a little copying is better than a little dependency"

What a nice way to put it! Thanks for the mention and thanks for making me discover https://go-proverbs.github.io/ .
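
The hash-lock idea from jrockway's comment above, as an added example (not code from either commenter or from any project mentioned here): record a SHA-256 per vendored file at review time, then fail the build when the tree no longer matches. The `vendor/changed_files` path and the file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def build_lock(root: Path) -> dict[str, str]:
    """Map each file's relative path to the SHA-256 of its contents."""
    lock = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            lock[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return lock


def verify_lock(root: Path, lock: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree against a recorded lock and report every difference."""
    current = build_lock(root)
    return {
        "modified": sorted(p for p in lock if p in current and current[p] != lock[p]),
        "missing": sorted(p for p in lock if p not in current),
        "unexpected": sorted(p for p in current if p not in lock),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: lock a vendored tree, then simulate an unreviewed upgrade."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp) / "vendor" / "changed_files"  # hypothetical path
        vendor.mkdir(parents=True)
        (vendor / "action.yml").write_text("runs: node20\n")
        (vendor / "index.js").write_text("console.log('list changed files');\n")
        lock = build_lock(vendor)  # recorded at review time, committed with the repo

        # Simulated upstream change nobody reviewed: one file edited, one added.
        (vendor / "index.js").write_text("console.log('something else');\n")
        (vendor / "extra.js").write_text("// new file\n")
        return verify_lock(vendor, lock)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(kind, paths)
    # Non-zero exit makes a CI step fail until the diff is read and the lock is re-recorded.
    raise SystemExit(1 if any(report.values()) else 0)
```

Reporting unexpected files as well as modified ones matters: a lock that only checks listed paths would miss a file added next to them.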

ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
juliob · 5 months ago
You shouldn’t need an extension just to add a keyboard shortcut for a menu item. Doesn’t your OS let you map that? On macOS you can in Keyboard Settings.
ronjouch · 5 months ago
Indeed, one point for MacOS! I use GNOME.
ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
xboxnolifes · 5 months ago
It's not useless. It shows the scale at which extension authors get offers for buyouts. The intended buyer doesn't exactly matter.
ronjouch · 5 months ago
Precisely. Thank you.
ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
mubou · 5 months ago
This is why I fork the extensions I use, with the exception of uBlock. Basically just copy the extension folder, if I can't find it on GitHub. That way I can audit the code and not have to worry about an auto-update sneaking in something nefarious. I've had two extensions in the past suddenly start asking for permissions they definitely did not need, and I suspect this is why.

Btw, here's a site where you can inspect an extension's source code before you install it: https://robwu.nl/crxviewer/

ronjouch · 5 months ago
Yeah, and thx for the link to the neat crx explorer.

Close to what you do, I started writing my own addon to replace a couple addons whose featureset I use only partially.

For example, when I use Chromium I want 1. to customize the New Tab page, and 2. to add a keyboard shortcut to pin/unpinTab. These two features are absolutely part of extensions, but in addition to the security risk I find them heavy (I don’t need the kitchen sink, just need 2 micro-features!). And so, I have my little personal addon with zero resource usage with just these two features. It’s tiny (20 lines of code!), git-versioned, and never changes / gets pwned. When I need an extra micro-feature, it’s easy enough to add it by searching addons docs, or asking an LLM.

ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
_boffin_ · 5 months ago
do you know of any other ones like this that post their offers?
ronjouch · 5 months ago
No I don’t. But Wladimir Palant is where I get most of my information on the topic (and is probably where I got this link). His blog might have a post (or a comment) that links to similar lists: https://palant.info/categories/security/
ronjouch commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
usef- · 5 months ago
Yes. Same with browser plugins. I've heard multiple free-plugin authors say they're receiving regular offers to purchase their projects. I'm sure some must take up the offer.
ronjouch · 5 months ago
For an example of a scary list of such offers, see https://github.com/extesy/hoverzoom/discussions/670
ronjouch commented on Unleashed Recompiled: PC port of the Xbox 360 version of Sonic Unleashed   github.com/hedge-dev/Unle... · Posted by u/garrettjoecox
LorenDB · 6 months ago
Similar Sonic projects include SA2 Redux[0] and Project 06[1].

[0]: https://gamejolt.com/games/SA2R/939490

[1]: https://youtube.com/c/ChaosX (best link as there is no official website)

ronjouch · 6 months ago
And similar recomp projects include Zelda { Ocarina of Time, Majora's Mask } and Starfox.

- https://github.com/HarbourMasters/Shipwright

- https://github.com/HarbourMasters/2ship2harkinian

- https://github.com/HarbourMasters/Starship

ronjouch commented on Ask HN: Can we get a HN background color (dark mode)    · Posted by u/tasoeur
ronjouch · 6 months ago
If you use Firefox, have my userContent.css DIY dark mode. Or you can massage it into the syntax expected by { Arc’s custom CSS, uBlock Origin, your CSS injecter of choice }:

  @-moz-document domain(news.ycombinator.com) {
    @media (prefers-color-scheme: dark) {
      body {background-color: #111 !important;}
      #hnmain {background-color: #181818 !important;}
      .c00, a:link, .subtext a:link { color: #eee !important; }
      .comhead { opacity: 0.5 !important; }
      a:visited, .subtext a:visited, .pagetop, .reply a { color: #777 !important; }
      button, select, input, textarea { -moz-appearance: none !important; color: #eee !important; background-color: #444 !important; border: 0.5px solid gray !important; }
      pre, code { color: #9d9 !important; }
    }
  }

Obvious caveats apply: it’s mine, it’s certainly incomplete, yadayada. But hey, been working for me for years! Also, now that you know that the feature exists, you can probably search "Hacker News dark mode userContent.css" and find better / more complete ones :)

Always a pleasure helping tasoeur.

ronjouch commented on Google begins requiring JavaScript for Google Search   techcrunch.com/2025/01/17... · Posted by u/ungut
ronjouch · 7 months ago
Previous discussion: Google.com search now refusing to search for FF esr 128 without JavaScript (2025-01-16, 92 points), https://news.ycombinator.com/item?id=42719865

u/ronjouch

Karma: 4025 · Cake day: May 31, 2013
About
https://ronan.jouchet.fr , https://github.com/ronjouch , https://twitter.com/ronjouch