Api tokens are also a stolen credential. They are getting stolen via things like unsandboxed malicious packages that search for them.
That is TeamPCP's main modus operandi, they have an infostealer that tries to nab whatever credentials it can find, and then uses those to spread more.
dbt fusion
Seems to use the Elastic License: https://github.com/dbt-labs/dbt-fusion/blob/main/LICENSES.md
Which is simply not open source in the first place: https://en.wikipedia.org/wiki/Elasticsearch#Licensing_changes
Elasticsearch and Kibana would be relicensed from Apache License 2.0 to a dual license under the Server Side Public License and the Elastic License, neither of which is recognised as an open-source license.[
(although elasticsearch later changed back to the AGPL. As did Redis, and Mongo which also tried similar moves lmao).
It looks like there are a mere 4 Apache 2 (open source license) programs inside, but the other 40+ programs are behind that ELv2 license, so the program can't really be called open core even (term when some of the program is open source but some features are paid only and not open source).
So no, DBT fusion is not FOSS. DBT Fusion is source available, which is the term used to refer to when you can read the source code but there are legal restrictions on what you can do with it.
Ruffle has been around for a while.
This project: https://github.com/WumboSpasm/flashpoint-nano/
Uses ruffle to play flash games it downloads from Flashpoint Archive. You can search the archive here.
EDIT: I tried to submit this with the "English" langauge but it didn't let me, saying "Language not allowed". :(
it sucks that there seem to be no real non dead movement shooters. I am currently keeping an eye on:
And there were probably others. But so few.
Moderation, much as the average internet user loves to lambast it, is not an easy task at all.
This is exactly why you should use ~~reddit~~ lemmy as a forum instead of discord. One of the repeated problems I have seen in the emulation on android community, is that there are many entittled children, who harass and troll in these communities. Moderators have to ban them, but the bans are per server. That means that each server has to deal with the same troll who kicks up a fuss, and then ban them. And then they create a new account and repeat. I have seen communities and projects die due to harassment and trolling and it makes me sad.
But on ~~reddit~~ Lemmy, instance bans could be applied to ban problematic users from many communities at once, saving and deduplicating work.
Moderation is a lot of work, but moderating a ~~reddit~~ Lemmy community is ultimately a team sport, rather than an individual one.
some of us really care about ethics outside the scope of just what happens with the source.
And some don't. There are a ton of corporate open source projects that use slack as their main communication channel. You can try to convince them. But here you're just kind of preaching to the choir tbh.
What do you think the “F” in “FOSS” is all about?
Read the article I linked. It discusses problems with the term "FOSS".
Though, you should also take a look at: https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar . Not every project actually wants to receive contributions from the public. Sometimes they only want to just dump the code on the net for people to review or fork.
https://www.gnu.org/philosophy/open-source-misses-the-point.en.html
There is a term to refer to projects like these: Open source. Open source, means to allow for collaborative development. User control of their systems, and/or privacy are not concerns when it comes to open source projects.
Not linux distro package managers.
Rust
Rust is doing pretty poorly right now.
among the 999 most popular crates on crates.io, around 17% contained code that do not match their code repository.
https://kerkour.com/rust-supply-chain-nightmare
Rust programs that are compiled with cargo, when compiled as dependencies of another program or when compiling a binary itself, can execute arbitrary code via build time scripts, and they are executed unsandboxed. This is a security nightmare.
push whatever you want to an NPM package if you have the author’s login
This is how all language package managers work, unfortunately. The login's security can be improved, via things like 2fa, but it's currently very bad. Having multiple parties use keys to sign packages after reviewing all changes, is a thing unique to distro package managers, and it is why Linux distros are extremely resilient against supply chain attacks.
Other fun answers:
This site is: https://youraislopbores.me/
This site is a "fake chatgpt" where you can pretend to be chatgpt or ask questions to people pretending to be chatgpt.
Yes it should be possible, although somewhat challenging.
If this device acts an an ethernet interface that is behind windows, then you are probably going to want:
This is the first solution I can think of, off of the off my head, provided that the external device is actually pretending to be a network interface you are connecting.
In addition to that, you will likely have to create a custom service to recreate this setup on boot. The tools for managing linux firewalls and network namespaces independently of abstraction layers aren't great.
Alternatively, if you are actually running an app that is connecting to that device via USB or the like, you can run that app within a network namespace to force traffic through the VPN. But the steps and solution would be similar.