Michael Altfield
Michael Altfield
RecycleView Label redraws to wrong text_size height ONLY when rv.data is repopulated with SAME items
I just stumbled onto this bug in my app too :( @allhavebrainimplantsandmore did you come-up with a workaround? ## Update 2024-03-19 I fixed my issue by changing this in my...
@firefoxlover the benefit of an emulator is security through compartimentalization with distinct VMs -- far greater security isolation than Android sandboxing or user profile sioling. If I have 10 apps...
Test showing that the release is not signed ``` user@disp1874:~/Downloads$ wget https://files.pythonhosted.org/packages/e7/8a/db65b2aee78993e3e60d1b149a7fe5fbf83a729ea7b28292b53e0e42943d/b2-3.0.1.tar.gz --2021-08-26 20:01:40-- https://files.pythonhosted.org/packages/e7/8a/db65b2aee78993e3e60d1b149a7fe5fbf83a729ea7b28292b53e0e42943d/b2-3.0.1.tar.gz Resolving files.pythonhosted.org (files.pythonhosted.org)... 151.101.37.63, 2a04:4e42:9::319 Connecting to files.pythonhosted.org (files.pythonhosted.org)|151.101.37.63|:443... connected. HTTP request sent, awaiting response......
For best-practices on creating/maintaining gpg keys and release signing in-general, please see: 1. https://infra.apache.org/release-signing 2. https://docs.opendev.org/opendev/system-config/latest/signing.html 3. https://wiki.debian.org/Subkeys 4. https://riseup.net/en/security/message-security/openpgp/best-practices
For examples of other developers on GitHub that fixed this by signing their packages on PyPI using `twine --sign`, see: * https://github.com/vpelletier/python-libusb1/issues/54 * https://github.com/thinkst/opencanary/issues/122
> if you use https, there is no way that the package that you'll receive will be corrupted by MITM attack... Sorry, but https doesn't always protect you from MITM...
> Is trusting github the problem you would like to address? You shouldn't trust GitHub, and it's not necessarily a problem with Microsoft. You just shouldn't trust *any* infrastructure in-between...
Honestly the easiest & most common solution is to assign only one single person to own the release signing private keys in cold storage and use it to sign your...
> MITM attack between the user and github, which is impossible Sorry, but https doesn't protect you from MITM attacks. The problem isn't the crypto; it's the PKI * https://security.stackexchange.com/questions/234052/where-can-i-find-a-list-of-all-government-agencies-with-cas-in-pki-root-stores...
fyi, I hacked-up a simple GitHub Actions workflow that looks for Unicode characters in the changes made for a given PR * https://github.com/maltfield/trojan-source/blob/mallory/.github/workflows/unicode_warn.yml If any unicode characters were added in...