how comes gitlab shows custom messages to my plain old git client then?
for example when you rename gitlab repository, or push to new branch, gitlab injects custom text that you can see. Eg. with new URL or where you can create merge request on web, etc...
Are you seriously asking how would sharing short text notes over internet work?
If you need to be 100% git-centric, you can have git repo for messages. Client will then remember last commit displayed to user and refuse to continue unless latest message was displayed.
BTW some AUR clients displayed ArchLinux RSS feed before... Too sad the issue is not even mentioned in the RSS feed...
7+ hours into this and still no mention on archlinux.org webpage nor on aur.archlinux.org. Why??? AUR should have been blocked until user takes action to prove he knows about this.
Eg. change AUR API URL slightly so yay/yaourt users need to look up what is going on. New API should have infrastructure for informing users and making sure they've read the message before proceeding. Especially when they're not even sure that all malware was found.
Also there should be database of revoked/compromised AUR commits and there should be mechanism to warn user if they had it installed.
i don't think phones are THAT watertight... they're not tested for long term submersion. usualy they don't even guarantee waterproof rating for more than first two years or when there are signs of wear. should work with some non-conductive oil or fluorintert tho...
Gadget mode can do more things than just network.
I beleive you can set up your raspberry pi zero to work as USB mass storage microsd card reader.
That seems kinda lame, until you realize you can also run transparent encryption on the raspi and unlock your SD card using passphrase entered via USB serial (also possible in gadget mode).
At first it might seem that 6 is furthest to starting point and therefore it's quite likely it will be the last one reached. However whole process is chaotic enough, that once ladybug finally arrives to 4 and/or 8, the starting position has very little impact on overall outcome.
yes. and the websites require you to verify transactions with (unrooted?) phone.
on the other hand phone does not require you to verify with your pc, so there's no second factor unless there is some unacessible secure island within the phone itself.
funny enough, you can probably use that website directly on the phone that you use as 2F, which probably circumvents the 2F idea (at least as long as you use SMS 2F instead of app that checks for root)