Genuinely how are you supposed to make sure that none of the software you have on your system pulls this in?
It’s things like this that make me want to swap to Qubes permanently, simply so as not to have my password manager in the same context as compiling software ever.
We run everything NPM related inside Apple containers, and are looking to do the same with Python and Rust soon. Bwrap on Linux does the same.
I like to think of it like working with dangerous chemicals in the lab. Back in the days, people were sloppy and eventually got cancer. Then dangers were recognized and PPE was developed and became a requirement.
We are now at the stage in software development where we are beginning to recognize the hazards and developing + mandating use of proper PPE.
A couple of years ago, pip started refusing to install packages outside of a virtualenv. I'm guessing/hoping package managers will start to have an opt-in flag you can set in a system-wide config file, such that they refuse to run outside of a sandbox.
The problem is that package managers are a distraction. You have to sandbox everything or else it doesn't work. These attacks use post-install hooks for convenience but nothing would have stopped them patching axios itself and just waiting for devs to run the app on their local workstation. So you end up needing to develop in a fully sandboxed environment.
While it's not perfect, pinning specific versions and managing all updates directly has been a solid solution for my team. Things can of course still slip through, but we're never vulnerable to these just because there was a new package release and we opted into it by default.
Updating packages takes longer, but we try to keep packages to a minimum so it ends up not being that big deal.
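The two controls raised in this part of the thread (disabling post-install hooks, and pinning exact versions instead of opting into every new release) are both things you can check mechanically. The following is an added example written for this page, not code from any commenter; the package.json and .npmrc contents are constructed samples, and the field names and regex are assumptions about the npm formats, not taken from the thread.

```python
import json
import re

# Exact semver version: MAJOR.MINOR.PATCH with optional prerelease/build tags.
# Anything else (^, ~, *, ranges, "latest", git URLs, aliases) is treated as
# floating and flagged for review, because it can resolve to a newer release.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")

# Constructed sample manifest (not a real project).
SAMPLE_PACKAGE_JSON = """
{
  "name": "example-app",
  "dependencies": {
    "axios": "^1.6.0",
    "left-pad": "1.3.0",
    "lodash": "~4.17.21"
  },
  "devDependencies": {
    "eslint": "*",
    "typescript": "5.4.5"
  }
}
"""

# Constructed sample .npmrc; npm's ini format allows '#' or ';' comments.
SAMPLE_NPMRC = """
; project-level npm config
# ignore-scripts=false   (commented out, must not count)
ignore-scripts=true
save-exact=true
"""


def is_exact_pin(spec: str) -> bool:
    """True only for a plain x.y.z version string."""
    return bool(EXACT_RE.match(spec.strip()))


def find_floating_specs(package_json_text: str) -> dict[str, str]:
    """Return {name: spec} for every dependency not pinned to an exact version."""
    manifest = json.loads(package_json_text)
    floating = {}
    for field in DEP_FIELDS:
        for name, spec in manifest.get(field, {}).items():
            if not is_exact_pin(spec):
                floating[name] = spec
    return floating


def scripts_ignored(npmrc_text: str) -> bool:
    """True if the .npmrc ends up with ignore-scripts=true (last assignment wins)."""
    result = False
    for raw in npmrc_text.splitlines():
        # Strip comments, then skip blank or non-assignment lines.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ignore-scripts":
            result = value.strip().lower() == "true"
    return result


if __name__ == "__main__":
    floating = find_floating_specs(SAMPLE_PACKAGE_JSON)
    for name, spec in sorted(floating.items()):
        print(f"floating spec: {name} {spec}")
    print("lifecycle scripts disabled:", scripts_ignored(SAMPLE_NPMRC))
```

Two caveats a practitioner would add: pins in package.json only cover direct dependencies, so the transitive tree still needs a committed lockfile installed with `npm ci`; and `ignore-scripts=true` stops dependencies' install hooks but npm still runs a script you ask for explicitly (`npm test`, `npm run build`), just without its pre/post hooks.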
This sounds like satire but isn't - I just make sure the nodejs/npm packages don't exist on my system. I've yet to find a crucial piece of software that requires it. As much as I love that cute utility that turns maps into ascii art, it's not exactly sqlite in terms of usefulness.
I don't deny that node/npm is useful for building servers, devtools for JS development itself, etc. but as an end user I haven't encountered anything useful which requires having it on my machine.
Hello. You missed the point I was making drastically. Of course for software that I build personally I can do all that, but not for all the random stuff in my system that I’m trusting maintainers to package for me, or otherwise good PKGBUILDS in the AUR. You physically cannot have the bandwidth to be on top of these supply chain issues all the time.
Also, semantic versioning is not some golden goose that fixes this issue; update embargoes help, but that doesn’t require semver. Vendoring dependencies is not a scalable solution for all the software people use.
My router doesn’t have a WPS button, so I also had to use the two button interface. Not fun having to cycle through some 50 plus ASCII characters for the WiFi password. I’m pretty sure you can emulate the button press in openwrt with some package though. It was faster to just enter the password than to figure all that out.
I just use HN as my comment platform. I have a Hugo short code that (very respectfully!) grabs the comments on a full rebuild, but only if those comments are not already cached and if the post is less than 7 days old. The formatting looks quite good on my site. Feel free to check it out at the bottom of this post: https://mketab.org/blog/sqlite_kdbx
The main critique I’ve seen of the duress pin is that it causes undue trouble. The obvious counter argument is that if you genuinely have the need for a duress pin, it’s worth its weight in gold. If the severity of the charge or physical punishment (in countries without due process) would in any way be less by NOT having xyz data on your phone, then it’s helped. Say, the difference between 10 years for destruction of evidence and 80 years for espionage.
Even when used against a government, there are a lot of different gradations. E.g., my government is not very hostile, but people who get arrested at a demonstration might still want to erase their phone. There are some countries where someone is not required to give their PIN, but the police are allowed to investigate a phone if they can unlock it by other means (Cellebrite, face unlock, etc.).
By the way, another way GrapheneOS protects against this is by allowing automatic reboot after a period without unlocking, which can be set to a very short period. This puts the phone in BFU (before first unlock), where fingerprint and face unlock do not work, and the phone is much harder to hack with tools like Cellebrite.
For sure, but these LARP situations are mostly based on defending against a highly motivated and powerful entity like the government.
But in other situations, like against thievery, domestic abuse, or as a brute force deterrent (i.e. setting a simple duress code that is likely to be triggered, say 1111), it has the potential to work well.
Graphene brings out some of the best of Android. Profiles are first class citizens, private spaces within the owner profile (I think all profiles can have them now?), and app pinning are great.
The web server that powers fossil was also written by its author! It’s nice that unlike git instaweb you don’t need to install an additional web server just to see a read only view of your commits.
I use Fossil for all of my long term projects. It can even import Git repositories if you want to try it out.
Today I was working on a semester paper for a non-technical class. It is versioned in fossil and I have all my miscellaneous ideas, initial outline, and the paper guidelines in the Wiki. The branching also makes much more sense, and I’ve used it for major revisions of the paper or its structure.
Fossil is legitimately awesome, and I lament the fact that Git gained popularity over it.
Fossil itself is a C binary, not a database. Maybe they meant that Fossil’s source code is hosted in Fossil, or that Fossil repositories are SQLite files? I don’t exactly know either.
Indeed. I have a 16e from its launch and couldn't be happier. Battery life is incredible, with no issues with connections whatsoever (I am a heavy traveler so can test it on a multitude of telco hardware).
> iPhone 17e also features C1X, the latest-generation cellular modem designed by Apple
But the 17e iPhone seems to lack the Apple developed N1 chip that provides Wifi 7 + Bluetooth 6. So presumably they're using off the shelf components for Wifi and Bluetooth in the 17e.
I couldn't care less about multi-gigabit 5G speeds (my 15 Pro can already practically get ~2 Gbps – who really needs that in a battery-powered phone?!); give me better battery life (my 15 Pro gets warm to the touch doing absolutely nothing in some 5G scenarios) and better security (e.g. carrier-side location tracking prevention) any day.