Two men said to be the operators of SmoothStreams, a pirate IPTV service shut down by entertainment companies over three years ago, have been imprisoned in Canada. Marshall Macciacchera and his father Antonio were both found guilty of contempt and sentenced to an initial term of six months. Marshall's sentence will continue until he complies with a court order to hand over financial information and a laptop password, among other things.
The right approach would be to nationalize if you claim it has national security interests. Partial stake only incentivizes worst qualifies of capitalism.
National security interests would drive the selection of certain companies. But all companies that need a bailout should do it in exchange for privileged stock. I'm tired of companies like ATT getting billions of dollars of free money for shit like "fiber infrastructure" and then just pocketting it. If they want that money, and if it is a matter of law, then they get uncle sam on the board telling them to spend it how it was meant to be spent.
Unpaid ground time for flight attendants could be on the way out as Air Canada looks to be joining a growing number of airlines that have agreed to move away from the widespread practice.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Israeli forces killed former Palestinian national basketball player Mohammed Shaalan on Tuesday.
Shaalan, 40, was killed at an aid distribution site near Khan Younis while attempting to secure food and medicine for his sick daughter, Maryam, and the…
Syria’s new leadership under President Ahmed Al-Sharaa has launched an aggressive campaign to dismantle the vast captagon drug empire left behind by ousted dictator Bashar Al-Assad, whose regime transformed the country into one of the world’s largest narco-states. The drug trade, valued at over $5 billion annually, became a lifeline for Assad during the civil war, as sanctions and conflict crippled the economy.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Turkey remains open to providing security guarantees to Ukraine in the event of a comprehensive peace agreement with Russia, including the deployment of a peacekeeping force, sources familiar with Ankara’s position told Middle East Eye.
The tech giant is required to regularly provide U.S. officials with its plan for keeping government data safe from hacking. Yet a copy of Microsoft’s security plan obtained by ProPublica makes no reference to the company’s China-based operations.
In June 2018 the independent security institute, AV-Test, released an evaluation of twelve VPNs.
The following VPNs were studied: Hotspot Shield Elite, Avast SecureLine, Avira
They lost me at calling ExpressVPN the gold standard. Even their audit is bs. KPMG is the same company that provides the "always-on" audit to PureVPN.
Any article that still uses the "eyes" as a factor in their evaluation is a massive red flag. Very public intelligence alliances are the least of your worries.
I had not read about this criticism of KPMG before. For the benefit of other readers, I found this other forum post from March 2025 where commenters question the worthiness of the KPMG audit for PureVPN. For my own part, I'm not sure I understand what an audit that's acceptable to privacy communities would look like. If somebody can elaborate on this, I would appreciate it.
In today’s day and age, the security & privacy of personal data has been a topic of much concern and debate. Obviously, there are many insecurities when it comes to trusting someone with your personal information.
Audit providers just like VPN providers come in a wide variety of quality.
Its hard to point out specifics of what makes a good audit as most people don't, and have no need to, understand the technical details of the audit and just go off its summary.
Another difficulty is just like most VPN providers, there just isn't much info provided about Auditors or the auditing process.
A few have well known reputations...
KPMG is a low quality provider. Any auditing company that provides an "always-on" service is not being serious.
I’d imagine it would be very difficult to audit a VPNs privacy, since most at least have a veneer of privacy and the auditor won’t have nearly the same pull or resources as a state actor
The founder and CEO of redact (the site this is hosted) is Dan Saltman, a man so obsessed with online drama that he would side with Hitler if he went after Hasan.
I've had windscribe for a few years and love it! Dirt cheap and pretty damn fast. Haven't had any issues with their android app, but I rarely use it. What's the issue with the windscribe app?
Proton does... but you need to use a shell script to enable it on Linux. It's easy enough and documented on their site, but it's annoying. Mullvad does not, that's why I moved away from them. Can't speak for others
Do you know if Proton's port forwarding times out and needs to be reconfigured every so often in the same way the other commenter mentions about Windscribe?
For Linux it does timeout and basically just need to run a bash while loop to keep open. I’m not sure if windows is the same way, but from what I hear it’s more integrated.
Overall the port forwarding is not that big of a hassle on Linux. It’s an opt in feature and I just have bash aliases to enable the port forwarding when I need it.
It's pretty solid, but if you reconnect to a different server then you'll likely have a different port number. There's an add-on script for docker qbittorrent though that auto updates the port number.
Same price as Mullvad, about a fiver a month, if you buy a year at a time. Annoying that you have to buy a year upfront but works out to the same price
This is why I moved from Mullvad to Proton. Mullvad worked great for me, but then I started my own media server, and port forwarding goes a long way for torrenting Linux ISOs. Proton also offers double the active connections as Mullvad, which helps when hooking it up to various Gluetun containers which are mostly routed through different servers for one reason or another. And despite how gimmicky the marketing for it is, the "VPN accelerator" fuckin works.
That being said, Proton sketches me out - their CEO has said some awful bullshit last year, and it just feels like enshittification is around the corner. But their VPN is proven and works great.
I'd love to go back to Mullvad for those reasons, but the feature set Proton offers right now is unmatched imo.
AirVPN does, I've been currently using it for the past couple months and it's been pretty damn good. I set up the port forwarding about a month ago, and I haven't had to touch it since, so p2p filesharing has been great so far.
Was using mullvad before, and it was great, except for the lack of port forwarding.
ExpressVPN is a Chinese govt aproved company... do all audits you want. You need trust. Audits doesn't matter. They can change everything after. I trust IVPN and Mullvad
For the unaware: Kape has a history of bundling malware into software that they have purchased. Like they’ll buy out an existing piece of software, then bundle malware into updates for that purchased sodtware. I remember a lot of PIA users fled when Kape bought it a while ago. PIA hasn’t had any bad updates yet, but it’s still putting a lot of trust into a company with a rocky history.
Notably, PIA is one of the few VPNs that still provides port forwarding. Most VPNs dropped port forwarding support a while ago.
Yes, here are some non kape vpn services with port forwarding for the people reading along:
Air, proton, ivpn, windscribe.
VPN services are targeted at different user bases and have different features. It would be unwise to rely on one service for wildly different uses like browsing, bypassing edge devices, p2p, hosting, location spoofing, etc.
You telling me any of those are not related to israel ? Where they are registred and who truly run them is two different things and I believe a column of who truly is behind is relevant.
Paywalls have become part and parcel of the modern Web it seems. And despite helpful extensions like BPC, there are always many sites where one is constrained to compromise. Many sites also keep stuff like newsletters for subscribers only.
In this specific example, The Verge has launched two new variants and both are behind a paywall. Whilst the site itself works with BPC, is there a way to access the newsletters?
Of course, you might ask why I don't pay. It's because it's exceptionally hard. Ironically for a tech company, Verge took the nonsensical step of NOT having regional specific pricing. So, they are currently more expensive than YouTube, Play Pass and local newspaper subscription combined in my country.
And from there you can anonymously publish the newsletter archives for everyone. I agree there should be some kind of tracker for newsletter piracy though.
China’s growing involvement in the Middle East, intensified by the recent escalation of violence in Gaza, is prompting renewed scrutiny of Beijing’s regional strategy, The Jerusalem Post reports. Traditionally focused on securing access to energy resources, safeguarding trade corridors, and expanding infrastructure investments, particularly in the Gulf, China's approach has until recently been marked by strategic ambiguity and a reluctance to take clear sides in regional rivalries.
[...]
Energy security remains central to China’s engagement in the region. As the world’s leading oil importer, China currently sources approximately 40% of its oil from the Middle East; a figure projected to double by 2035. This dependency leaves Beijing vulnerable to disruptions in maritime chokepoints such as the Red Sea and the Strait of Hormuz, which are also vital routes for Chinese trade with Europe and Africa.
[...]
In Israel meanwhile, some have called for a reassessment of relations with China, despite limitations imposed by close ties to Washington. This reassessment could present Israel with an opportunity to strengthen its presence in Asian markets, diversify its regional relationships, while at the same time exploring deeper engagement with countries across the Global South; a region Iran struggles to relate to.
I'm not sure that will happen as that would alienate Africa which China spent a lot time and resources to court. They will probably continue to stay ambigous with tepit actions like voting on UN resolutions that they know won't pass.
"Chinese capital can help Israeli startups expand globally, while Israeli technology can support China’s industrial upgrading," explains Xiao Junzheng, Chinese Ambassador to Israel.
In 2024, China imported goods worth $2.8bn from Israel, while Hong Kong imported an additional $2bn, according to the UN Comtrade database. With the combined $4.8bn, China is worldwide the second-largest buyer of Israeli goods behind the US.
China was, however, the biggest exporter to Israel with $19bn, more than twice the volume of second US with $9.4bn, and Germany with $5.6bn.
That's more than 'ambiguous talk' but has rather long been materializing I would say.
Considering China's trade power, it's more fair to compare it to the EU bloc which is by far the number one trade partner. Total trade in goods between the EU and Israel in 2024 amounted to €42.6 billion. EU imports from Israel were worth €15.9 billion. The EU’s exports to Israel amounted to €26.7 billion.
And considering China's total exports in 2024 were valued at US$3.58 trillion, it's kind of insignificant in a sense that it signifies a shift in trade policy.
A joint statement of Belarus President Aleksandr Lukashenko and Iran President Masoud Pezeshkian on more profound advancement of relations between the Republic of Belarus and the Islamic Republic of Iran has been signed.
At the end of each shift, officers’ BWV footage was uploaded and stored to a central hub which could be accessed and managed, along with all of SYP’s digital evidence, via a secure system.
Following an upgrade in May 2023, the secure system began to struggle processing BWV data and a local drive workaround was put in place.
In August 2023 SYP identified that its BWV file storage was very low and further investigation found that 96,174 pieces of original footage had been deleted from its system.
The following month it was found the deletion had taken place on 26 July 2023 and included the loss of data relating to 126 criminal cases, only three of the cases were impacted by the loss. Of those three cases, SYP states one may have progressed to the first court hearing if BWV had been available. However, as there was no additional independent evidence to prove the offence, progression to prosecution stage was already uncertain.
Prior to the deletion, 95,033 pieces of BWV footage had been copied to a new system that SYP was implementing but, due to poor record keeping, SYP remain unable to confirm the exact number of files deleted without copies made.
96,000 UK Police Bodycam Videos Lost After Data Transfer Mishap
At the end of each shift, officers’ BWV footage was uploaded and stored to a central hub which could be accessed and managed, along with all of SYP’s digital evidence, via a secure system.
Following an upgrade in May 2023, the secure system began to struggle processing BWV data and a local drive workaround was put in place.
In August 2023 SYP identified that its BWV file storage was very low and further investigation found that 96,174 pieces of original footage had been deleted from its system.
The following month it was found the deletion had taken place on 26 July 2023 and included the loss of data relating to 126 criminal cases, only three of the cases were impacted by the loss. Of those three cases, SYP states one may have progressed to the first court hearing if BWV had been available. However, as there was no additional independent evidence to prove the offence, progression to prosecution stage was already uncertain.
Prior to the deletion, 95,033 pieces of BWV footage had been copied to a new system that SYP was implementing but, due to poor record keeping, SYP remain unable to confirm the exact number of files deleted without copies made.
Someone was reviewing some footage and decided to hide the deletion in amongst lots of other benign videos. They seem to always loose the critical videos showing police brutality don't they!?
This was probably done intentionally to hide one exceptionally terrible incident. Always make your own recordings of your police interactions so you don't have to hope your bodycam video request is actually fulfilled.
So basically you had a storage full issue and nobody thought to check on that? There isn't a monitor to alert at 80% full?
And those delete files, who deleted them? You don't have any audit system?
What the FUCK are you being paid for? Because I know that these systems don't come cheap, they are fucking expensive to buy and maintain and I know that a government will pay through the nose for this to work correctly and you fuck up at step one?
This should result in millions / billion dollar penalizations.
The best open source office suite continues to evolve, while maintaining its focus on privacy and digital sovereignty Berlin, 20 August 2025 – The Document Foundation announces the release of LibreOffice 25.8.
Hi everyone, I’m currently using Linux Mint 22 Cinnamon edition, version 6.2.7, which I reinstalled today on my laptop. When I open LibreOffice Writer, I’m experiencing an issue where some icons aren’t clearly visible in dark mode.
No, not that one. But I guess there are multiple angles, dark mode overall has been pretty rough.
The one that gets in my way the most is their already spotty xlsx conversion seems to parse Office's default font color as black instead of automatic, which means when you open Excel docs on LibreOffice you get black text on black background by default.
You can just select all and manually change the text color, but it's a pain, and on spreadsheets you have to do it on each spreadsheet page. From what I've seen there have been bugs opened and reclosed with "you should set the text to automatic", which is engineer excuses for what is obviously a genuine issue with the defaults of document conversion, as far as I can tell.
There's an optional "tabbed interface" in View > User Interface that's a lot like the Office ribbon. Like the Office ribbon, it has context-sensitive additional tabs, and you can enable a compact version that shows less but takes up less vertical space.
I've not had a need for LibreOffice for a while, but it certainly looks a lot less cluttered than the default old-school toolbars.
I know. I just didn't know GNU was pronounced Gee-Noo, like in GIMP
Isn't GNOME also a GNU thing? GNU Image Manipulation Program Network O… Object… Model… uhh… Environment? Also, this means GNOME is pronounced like Genome, as in, like, Jeans and stuff, innit?
for all 3 of these projects the main way ive heard them said is with a hard G, i know there is a debate with GNOME as to pronounce the G or not (as in the word "gnome"), idk if a similar debate exists with GNU
imo, there’s no wrong way to pronounce a word, as long as people know what you’re talking about, it’s fine
Dammit. I want arguments. Chaos. But yes, I do soft G GIMP. Not GNU or GNOME. I do say GNOME with a G, though. I mean, I don't talk about these things IRL. These words don't show up in my convos. Actually, it might be without a G. I guess I could start soft G'ing GNU and GNOME, just because. It's how I got to soft G GIF, by going the opposite way I was doing. And now it just be like that, and hard G GIF feels kinda weird.
LibreOffice Draw can actually edit PDFs - it's not perfect for complex layouts but works great for basic editing, adding text, and modifing simple elements (tho sometimes formatting gets a bit wonky).
[vlog/video] Trump-Zelensky summit was theater, not progress: Landsbergis — Russia resumes stolen grain shipments from occupied Ukrainian territories to Syria — Ukrainian drones hit oil refinery in Russia’s Volgograd Oblast — Security guarantees for Ukrai
Medical Supplies for Ukraine’s Hospitals. Partnering for global health equity.
Russia’s war against Ukraine
Supporters of the Ukraine Solidarity Campaign protest in Parliament Square on August 19, 2025 in London, England. President Zelensky has said today that he is willing to meet President Putin for peace talks to end Russia’s war on Ukraine. (Guy Smallman / Getty Images)
Zelensky, Putin maymeet within 2 weeks, German chancellor says. “The American president spoke with the Russian president on the phone and agreed that there would be a meeting between the Russian president and the Ukrainian president within the next two weeks,” German Chancellor Friedrich Merz said.
US troopswon’t be sent to Ukraine as part of security guarantees, Trump says. U.S. President Donald Trump said on Aug. 19 that U.S. soldiers will not be on the ground in Ukraine to ensure security guarantees are upheld, deflecting the responsibility to European allies.
NATO military leaders to meet on Aug. 20 to discusssecurity guaranteesfor Ukraine. NATO military leaders are scheduled to meet virtually on Aug. 20 to discuss the alliance’s support for Ukraine as European leaders continue negotiations with Kyiv and Washington on security agreements for the embattled country.
‘I want to try toget to heaven,’ Trump cites divine motivation for Ukraine peace. “If I can save 7,000 people a week from being killed, I think that’s a pretty… I want to try to get to heaven if possible, I’m hearing that I’m not doing well,” Trump said on Aug. 19.
Russia resumesstolen grain shipmentsfrom occupied Ukrainian territories to Syria. Russia has resumed grain shipments to Syria from within occupied Crimea, transporting stolen grain from Ukraine’s occupied territories, reported Kateryna Yaresko, a journalist with the Ukrainian SeaKrime project that tracks Russia’s illegal shipping activity.
Zelensky outlines$90 billionUS arms deal as part of Ukraine’s security guarantees. By tying its defense needs to a major boost for U.S. industry, Ukraine hopes to turn its request into an investment opportunity that appeals directly to American interests. The proposal also includes a separate $50 billion agreement for producing drones with Ukrainian companies.
The refinery is the second-largest owned by Lukoil and a key producer of petroleum products in Russia’s Southern Federal District.
Ukrainian drones destroy 2 Russianammo depotsin Luhansk Oblast, Security Service says. The strikes hit warehouses in the village of Bilokurakyne, located on a key railway line supplying Russian forces on the Pokrovsk front, where Moscow is focusing its primary offensive efforts.
Read our exclusives
Trump walks back from Ukraine ceasefire calls, aligning closer with Russia’s push for peace deal
U.S. President Donald Trump has walked away from his ceasefire demand, saying that he supports its “concept” but can push for a peace deal between Russia and Ukraine without one.
Photo: Andrew Harnik / Getty Images
Learn more Ukraine war latest: US troops won’t be sent to Ukraine as part of security guarantees, Trump says
Trump said on Aug. 19 that U.S. soldiers will not be on the ground in Ukraine to ensure security guarantees are upheld, deflecting the responsibility to European allies.
Photo: Bonnie Cash /UPI /Bloomberg via Getty Images
Learn more Did Zelensky wear a suit? President’s outfit at White House meeting sparks fresh debate
All eyes were on President Volodymyr Zelensky’s outfit as he arrived at the White House to meet President Donald Trump, months after his previous Washington visit sparked controversy — in part over what he wore.
Photo: Anna Moneymaker / Getty Images
Learn more Security guarantees for Ukraine explained: What’s on the table and what’s realistic?
As peace talks to end the war gather speed toward a potential trilateral meeting between the U.S., Ukraine, and Russia, the question of what kind of security guarantees Kyiv might receive continues to loom large.
Photo: Tom Brenner for The Washington Post via Getty Images
From Crimea to Donbas, Russia’s “peace” has always meant more war. We’re here in Ukraine to give the world a reality check. Support independent journalism in this critical moment.
Five people were killed and 11 injured on Aug. 17, followed by eight killed and 35 injured on Aug. 18, and at least eight killed and 53 injured on Aug. 19.
Russia’s Aug. 17 strike on Kharkivkills 7, injures 24, just hours before Zelensky met with Trump in Washington. Russia launched a wave of missile and drone attacks against Ukrainian cities late on Aug. 17, mere hours before President Volodymyr Zelensky is scheduled to meet for peace talks with U.S. President Donald Trump at the White House.
Ukraine repatriates1,000 bodiesof fallen soldiers from Russia. According to Russian authorities, the remains belong to Ukrainian servicemembers killed in action in Donetsk, Zaporizhzhia, Luhansk, and Kursk regions.
Trump-Zelensky summit was theater, not progress — Landsbergis
International response
Hungary emerges aspotential venuefor Zelensky-Putin meeting, Reuters reports. Hungarian Prime Minister Viktor Orban has blocked or delayed military aid to Ukraine, maintained ties with Russian President Vladimir Putin, and echoed Kremlin narratives.
EU’s 19thsanctions packageagainst Russia expected to be ready in September, Kallas says. The European Union’s 19th package of sanctions against Russia is expected to be ready in September, top EU diplomat Kaja Kallas announced on Aug. 19, as the EU ramps up its pressure on Moscow in hopes that it will push Russia to end its war in Ukraine.
Trump raises topic ofUkraine’s EU membershipwith Orban, Bloomberg reports. According to sources cited by Bloomberg, European leaders urged U.S. President Donald Trump to pressure Orban into dropping his opposition to Ukraine’s EU accession talks.
Switzerland ready to give Putinimmunityfor peace talks. Switzerland is prepared to grant Russian President Vladimir Putin immunity from arrest if he travels to Geneva for peace negotiations, Swiss Foreign Minister Ignazio Cassis said in an interview on Aug. 19.
Around10 European allieswilling to send troops to Ukraine, talks accelerate on security guarantees, Bloomberg reports. Talks among European officials on Aug. 19 reportedly focused on proposals to send troops from the U.K. and France to Ukraine, along with contingents from roughly 10 other countries.
In other news
Border guardsdetain priestattempting to smuggle draft-age man across Ukrainian border. The priest had concealed the passenger under his robes on the back seat to bypass checkpoints. The passenger turned out to be a 41-year-old resident of Sumy Oblast.
This newsletter is open for sponsorship. Boost your brand’s visibility by reaching thousands of engaged subscribers. Click here for more details.
Today’s Ukraine Daily was brought to you by Oleg Sukhov, Oleksiy Sorokin, Tymur Zadorozhnyy, Dmytro Basmat, Olena Goncharova, and Lucy Pakhnyuk.
If you’re enjoying this newsletter, consider joining ourmembership program. Start supporting independent journalism today.
The GPT5 launch would give me pause if I were a prospective investor
They're still losing money, performance is only increasing marginally, and that launch looked like it had no validation or due diligence. Plus Meta is trying to siphon off their employees with offers of 10s of millions of dollars.
Anthropic has mostly taken over the dev space, GPT is lagging on MCP and tool ineroperabilitiy locking them behind a paywall with limited use...
Then the CEO comes out and days they're in a bit of a bubble, but want half a trillion dollars to make more capital expenditures.
Unless the design of chips dramatically changes the economics are borderline, and OpenAI is fumbling on the PR/mindshare front.
Agreed I don’t get why anyone would invest in them right now. Five years ago you were joining a hype train, but how does anyone think their value is going to increase from today forward?
Their biggest appeal seems to be that their consumer product ChatGPT is a household name and has widespread consumer use. But consumer adoption of a phone app is a very fickle thing to stake a trillion dollars on.
Don't forget their absurd power requirements - their datacenter costs must be astronomical with GPT5 using 8x the compute of GPT4, check gearscouts.com to see what efficient power delivery actually looks like vs the inefficient monstrosity they've built.
I mean, it's not definitely a bad thing in principle... But given the current administration, I would worry about any company the government wants to get their hands into. I'd be worried if the us suddenly wanted to buy into Coca-Cola... But Intel is scarier.
Intel would be an example of a chipmaker that should fail but they won't let it because it's also an unofficial asset. It will literally never fail no matter how backward it gets and they have been backward for decades.
This was initially demoed at FediCon 2025, but CrowdBucks is an open source, self-hostable fundraising system that allows people to financially support one another. You use your existing Fediverse account to hold a fundraiser, and can also donate to other people's fundraisers as well. The form factor is kind of similar to Kickstarter or Patreon.
CrowdBucks is a new payment system for the Fediverse
More developments are happening on the front to provide payment and monetization options for the Social Web. Over the past few years, there have been interesting experiments in making this possible. Mitra, notably, pioneered subscription payments by utilizing Monero. Bandwagon has also built on the concept by instead relying on integrations with traditional payment networks, starting with Stripe and PayPal. The short-lived SubClub implemented private feeds for paid access.
Introducing CrowdBucks
CrowdBucks is a new effort developed by Charles Iliya Krempeaux, better known by his online moniker, Reiver. It builds on some of the ideas previous implementations have tried, and aims to make the process as smooth and simple as possible.
“The long-term vision that CrowdBucks is a part of is to create a payments layer for the Fediverse,” Reiver explains, “obviously, it’s not the only part, there will be other projects later.” Source: CrowdBucks
Signing Up
Instead of forcing users to create yet another account, CrowdBucks does something really smart: you can just sign in with an existing Fediverse account.
At the moment, sign-in is limited to just Mastodon, but the plan is to gradually support a number of different platforms. Since a lot of Fediverse software implements part of the Mastodon API, I attempted to log in with both Akkoma and WordPress, but neither one seems to work yet. We opted to use a tried-and-true community instance.
After doing the Authorization dance, CrowdBucks directs users to a simple dashboard, where they are prompted to do basic setup for their page. Fediverse integration automatically pulls in profile details, including the username, avatar, header, and handle, although most of the public-facing details can be customized.
Getting Set Up
The first thing to do with your account is to set fundraising goals and donation tiers. The flow feels reminiscent of something like Kickstarter or Patreon, where rewards can be spelled out as something symbolic, something digital, or even something tangible. You can view our demo account here. Please, don’t actually donate to this.
Donations and Payments
Support tiers can be set up with any monthly denomination, and these get prominently displayed on your CrowdBucks page. Donors can use their CrowdBucks accounts to find a page, select a tier, and support creators and projects easily.
When a person pledges towards a Tier, they’re automatically taken to a checkout page. For the time being, the only supported Payment Processor is Stripe. Reiver has explained that this is because Stripe was easiest to implement, but the team intends to also add support for PayPal and other providers, as well as support for standards such as Web Monetization and OpenPayments.
Quick Demo
CrowdBucks was initially revealed in a brief demo at FediCon a few weeks ago, which was recorded and added alongside the FediCon Talks on PeerTube. It’s a useful insight into where Reiver is coming from, what’s being built, and ideas of what CrowdBucks could be used for.
“Anyone will be able to set up their own CrowdBucks server,” Reiver explains, “just like anyone can set up their own Mastodon server.”
The CrowdBucks project itself is licensed under the GNU AGPL, with source code readily available. The CrowdBucks.fund site is simply operated as a flagship instance, but the goal is to allow anyone to host their own version as part of their operational infrastructure.
“We want CrowdBucks to help pay server bills, to support developers building Fedi software, and to fund creators on the Fediverse. The whole thing is designed to be native to the Fediverse.”
Future Plans
While the project itself is still fairly young, the team is actively thinking about how to improve. One area CrowdBucks is already exploring involves the ability for the app to post to the Fediverse on the behalf of fundraisers, for example, to give credit to supporters. Another possibility might involve collaborating with Emissary to standardize pieces involving payments and private access.
This is an exciting endeavor, and might be one of the most polished attempts yet to make payments possible on the Social Web. Hopefully, existing projects will get involved, and hash out the details on how to make this as open and interoperable as possible.
Historically speaking, the act of financially supporting creatives on the Fediverse has always been something of a pain point. The network lacks a meaningful payment layer, and most of the network’s i
The company that's involved with the payment disputes between Steam, MasterCard, banks, 18+ games and Collective Shout. Stripe is the one handling payments between Steam and MasterCard. It got blamed, blamed others in return and suddenly is known to a lot more people but not in a good way.
Support for other providers is coming. Bandwagon is in a similar situation. The overall goal is to support a multitude of options, so that no one payment solution has a monopoly.
We really need to figure out the payment system for the fediverse.... Good to see someone trying things.
When I put Stripe integration into PieFed I had absolutely zero donations through there, meanwhile my Patreon and Librepay had dozens of dollars in donations. Dozens!
People really really didn't want to donate directly, for some reason. So I disabled the Stripe option.
Instead, Patreon takes 8% and their only payout method is Paypal so Paypal takes a percentage (5%?) and then when I transfer it to my bank from Paypal there's a currency conversion so they take another 5%? and then I pay tax on whatever remains...
On our donation page, we put a breakdown of how much each platform takes from the donation and I think that is why a lot of users chose to donate through the methods that have lower / no fees: fedecan.ca/en/donate
I imagine as Crowdbucks develops, they will introduce more methods and improve user / platform choice. Dealing with payment platforms is annoying, so I'm looking forward to seeing what they come up with over time
Stripe has an amazing amount of currencies for payouts and accepts all kinds of payment methods, really really comprehensive. Pretty low fees too. Simple API and great great docs. They're all good.
So as much as I dislike crypto, it is basically built to be enshitification proof. And hence a good fit for the fediverse. But I wouldn't want to touch the crypto ecosystem with a ten foot pole, nevermind a lemmy/mastodon integration
Which leaves us at the behest of traditional payment processors, and they are all faceless conglomerates who care not for anyone. Meaning we're fucked there too
Maybe we should instead not bring transactions to the fediverse
lemmy indicates clearly liberapay is preferred . and it does seem to have an effect because patreon donations went down at some point while liberapay donations went up.
With that said liberapay fees are cited as being around 3.1% and maybe higher. some digital currencies are almost free (nano, ripple) and despite the hate you see i don't see a rational reason not to offer them as an option.
An open source project the size of Lemmy needs constant work to manage the project, implement new features and fix bugs. Dessalines and Nutomic work full-time on these tasks …
I've said it before, I think there's money in a service that crowd funds open source donations.
I use so much FOSS that making sure they all get some money is a real first world problem. If I can only give £10 that month what do I do? Rotate who gets the tenner? Give everyone £.20? Then you have to figure out how each service wants funding and organise that.
Instead I could go to FOSSfund select all the software I use and donate £x. That money gets divvyed up and stored with other people's donations until a threshold is reached.
When enough money is accrued the service makes a substantial donation. The FOSSfund itself is funded through interest gained while holding donations.
Of course I am a naive user that wants good things to exist and has no idea the difficulties in making them happen. Brb, off to vibecode a payment system. I forsee no problems. I will not be taking questions or feedback at this time.
Holy-shit it does!!! I couldn't find any of the main repos I want to donate too: Pi-Hole, jellyfin/seerr, *arr, immich. I guess that's an outreach problem? Getting PromoFaux (Pi-Hole) onto librapay. Pledges seem to help with that.
But Lemmy, Syncthing and Vaultwardern is in in there. I have a tonne of services using MySQL, it's in there.
Actually, there's a pretty decent possibility of this happening! Ben from Bandwagon is currently looking into this for the underlying Emissary platform. If it proves easy enough to integrate, there's literally no reason not to.
Proving it in one project might see adoption across similar efforts.
I just received news that crushed me on top of everything I’m already enduring. An email was sent to my cousin the one who manages our campaign abroad, since we Palestinians from Gaza are not allowed to create accounts or links ourselves. He set it up for us, but unfortunately, we have received only a small amount of donations so far.
In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, leaked their API tokens and secrets, how we could have accessed their PostgreSQL database, and how we obtained read and write access to 1 million code repositories, including private ones.
In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, leaked their API tokens and secrets, how we could have accessed their PostgreSQL datab…
Use of the Palestinian flag is censored and targeted many places, so people replace it with a watermelon with the same color scheme to still show support but with a symbol that they can't really censor.
I greatly admire people who do things like this, it takes courage. They'll get hammered with the usual criticisms "quit your job if you don't like it", and "terrorist supporter" and the same old anti-activist bullshit.
It takes a backbone to put your reputation and career on the line. Even if the likelihood of succeeding in your goals is miniscule.
Still vulnerable: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce
::: spoiler Key Points
A new clickjacking technique where a malicious script manipulates UI elements that browser extensions inject into the DOM by making them invisible using javascript.
In my research, I selected 11 password managers that are used as browser extensions and the result was that all were vulnerable to "DOM-based Extension Clickjacking". Tens of millions of users could be at risk (~40 million active installations).
A single click anywhere on the attacker's website could leak credit card details including security codes (6 out of 9 were vulnerable) or exfiltrate stored personal information (8 out of 10 vulnerable).
All password managers filled credentials not only to the "main" domain, but also to all subdomains. An attacker could easily find XSS or other vulnerabilities and steal the user's stored credentials with a single click (10 out of 11), including TOTP (9 out of 11). In some scenarios, passkey authentication could also be exploited (8 out of 11).
All vulnerabilities were reported in April 2025 with a notice that public disclosure will be in August 2025. Some vendors have still not fixed described vulnerability: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce. Users of these password managers may still be at risk (~32.7 million active installations).
For Chromium-based browser users it is recommended to configure site access to "on click" in extension settings. This configuration allows users to manually control autofill functionality.
The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.). :::
Zero-Day Vulnerability allow attackers to steal users data Found in Password Managers( 1Password, Bitwarden, LastPass, Enpass, iCloud Passwords, and LogMeOnce remain unpatched— still vulnerable)
Still vulnerable: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce
::: spoiler Key Points
A new clickjacking technique where a malicious script manipulates UI elements that browser extensions inject into the DOM by making them invisible using javascript.
In my research, I selected 11 password managers that are used as browser extensions and the result was that all were vulnerable to "DOM-based Extension Clickjacking". Tens of millions of users could be at risk (~40 million active installations).
A single click anywhere on the attacker's website could leak credit card details including security codes (6 out of 9 were vulnerable) or exfiltrate stored personal information (8 out of 10 vulnerable).
All password managers filled credentials not only to the "main" domain, but also to all subdomains. An attacker could easily find XSS or other vulnerabilities and steal the user's stored credentials with a single click (10 out of 11), including TOTP (9 out of 11). In some scenarios, passkey authentication could also be exploited (8 out of 11).
All vulnerabilities were reported in April 2025 with a notice that public disclosure will be in August 2025. Some vendors have still not fixed described vulnerability: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce. Users of these password managers may still be at risk (~32.7 million active installations).
For Chromium-based browser users it is recommended to configure site access to "on click" in extension settings. This configuration allows users to manually control autofill functionality.
The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.). :::
Still vulnerable: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce
::: spoiler Key Points
A new clickjacking technique where a malicious script manipulates UI elements that browser extensions inject into the DOM by making them invisible using javascript.
In my research, I selected 11 password managers that are used as browser extensions and the result was that all were vulnerable to "DOM-based Extension Clickjacking". Tens of millions of users could be at risk (~40 million active installations).
A single click anywhere on the attacker's website could leak credit card details including security codes (6 out of 9 were vulnerable) or exfiltrate stored personal information (8 out of 10 vulnerable).
All password managers filled credentials not only to the "main" domain, but also to all subdomains. An attacker could easily find XSS or other vulnerabilities and steal the user's stored credentials with a single click (10 out of 11), including TOTP (9 out of 11). In some scenarios, passkey authentication could also be exploited (8 out of 11).
All vulnerabilities were reported in April 2025 with a notice that public disclosure will be in August 2025. Some vendors have still not fixed described vulnerability: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce. Users of these password managers may still be at risk (~32.7 million active installations).
For Chromium-based browser users it is recommended to configure site access to "on click" in extension settings. This configuration allows users to manually control autofill functionality.
The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.). :::
Zero-Day Vulnerability allow attackers to steal users data Found in Password Managers( 1Password, Bitwarden, LastPass, Enpass, iCloud Passwords, and LogMeOnce remain unpatched— still vulnerable)
Still vulnerable: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce
::: spoiler Key Points
A new clickjacking technique where a malicious script manipulates UI elements that browser extensions inject into the DOM by making them invisible using javascript.
In my research, I selected 11 password managers that are used as browser extensions and the result was that all were vulnerable to "DOM-based Extension Clickjacking". Tens of millions of users could be at risk (~40 million active installations).
A single click anywhere on the attacker's website could leak credit card details including security codes (6 out of 9 were vulnerable) or exfiltrate stored personal information (8 out of 10 vulnerable).
All password managers filled credentials not only to the "main" domain, but also to all subdomains. An attacker could easily find XSS or other vulnerabilities and steal the user's stored credentials with a single click (10 out of 11), including TOTP (9 out of 11). In some scenarios, passkey authentication could also be exploited (8 out of 11).
All vulnerabilities were reported in April 2025 with a notice that public disclosure will be in August 2025. Some vendors have still not fixed described vulnerability: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce. Users of these password managers may still be at risk (~32.7 million active installations).
For Chromium-based browser users it is recommended to configure site access to "on click" in extension settings. This configuration allows users to manually control autofill functionality.
The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.). :::
Still vulnerable: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce
::: spoiler Key Points
A new clickjacking technique where a malicious script manipulates UI elements that browser extensions inject into the DOM by making them invisible using javascript.
In my research, I selected 11 password managers that are used as browser extensions and the result was that all were vulnerable to "DOM-based Extension Clickjacking". Tens of millions of users could be at risk (~40 million active installations).
A single click anywhere on the attacker's website could leak credit card details including security codes (6 out of 9 were vulnerable) or exfiltrate stored personal information (8 out of 10 vulnerable).
All password managers filled credentials not only to the "main" domain, but also to all subdomains. An attacker could easily find XSS or other vulnerabilities and steal the user's stored credentials with a single click (10 out of 11), including TOTP (9 out of 11). In some scenarios, passkey authentication could also be exploited (8 out of 11).
All vulnerabilities were reported in April 2025 with a notice that public disclosure will be in August 2025. Some vendors have still not fixed described vulnerability: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, LogMeOnce. Users of these password managers may still be at risk (~32.7 million active installations).
For Chromium-based browser users it is recommended to configure site access to "on click" in extension settings. This configuration allows users to manually control autofill functionality.
The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.). :::
I Maneskin sono pronti a tornare insieme nel 2025. Dopo la pausa che ha segnato la carriera della band romana, i conti economici e i risultati da solisti hanno accelerato la decisione della reunion. Victoria De Angelis si è distinta con un successo superiore rispetto a Damiano David, e la band tornerà a esibirsi dal vivo entro fine 2025, con un tour mondiale già previsto per il 2026.
Vor sieben Jahren konnte diese Geschichte vielleicht noch wie ein intimes Indie-Drama aus Brooklyn wirken, aber heute erkennen wir, dass der Film eine Vorwarnung war. Denn längst nicht nur in den USA hat sich seither ein Kulturkampf entfesselt, der gegen jede Form von Förderung von Vielfalt und geschlechtlicher Selbstbestimmung aufmarschieren lässt. Kulturkrieger:innen streichen systematisch Programme, verbannen Bücher aus Schulen, säubern Lehrpläne und selbst das Fernsehen. Zu unserem Glück aber noch nicht bei 3Sat. (3Sat)
Amazon Web Services (AWS) has teamed up with Intel to announce the eighth generation of memory-optimized EC2 instances: the R8i and R8i-flex. These new instance types run on specially developed Intel Xeon 6 processors with DDR5 7200 MT/s memory.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
![[Illustrative photo] purposes. Ukrainian troops and their U.K. military instructors commemorate lives lost in the Russian invasion of Ukraine during a sunrise commemorative service, at Lydd army camp in Kent, 2023](https://poliverso.org/photo/preview/640/56594551 "[Illustrative photo] purposes. Ukrainian troops and their U.K. military instructors commemorate lives lost in the Russian invasion of Ukraine during a sunrise commemorative service, at Lydd army camp in Kent, 2023")
Source: CrowdBucks
You can view our demo account here. Please, don’t actually donate to this.
wetbeardhairs
in reply to BrikoX • • •BrikoX
in reply to wetbeardhairs • • •wetbeardhairs
in reply to BrikoX • • •BrikoX
in reply to wetbeardhairs • • •