I don't know how it is in the US, but in Europe, the amount of scams is growing. The Twitter blue checkmark was created to distinguish real humans from scammers.
The fine was to protect the users from that scam.
I like paying taxes to protect the users that don't have the ability to detect scams as we all here have (most of the time).
The EU misses the point, just like Congress in the US, when non-tech people believe they can rule (or are just lobbied).
But in this case, there would be no problem if Twitter had decided to use another checkmark for pro accounts.
I was going to comment on the Mac exclusivity too which might be a bad idea now that Linux is on the rise. But you're right, there's a Linux beta too now. Thanks for the pointer.
I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.
I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.
Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in the Xcode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing.
> It's insane that I can't even develop for my own phone without paying an extra fee to Apple.
A Linux phone can’t come fast enough. Yes there is at least one, on ancient hardware. IMO a viable Linux phone requires hardware at most one generation old.
That Linux phone is called Android. It runs plenty fine enough even without GApps (or with shims like microg), and the sheer amount of engineering needed to make baseline linux even usable as a phone system is over a dozen years away.
Android with binder is a strictly superior architecture than anything else that has come for strict isolation. As a bonus, it's battle tested, and latest Android phones just... run linux. You can have a shell and GTK if you so desire.
While this is mostly a KVM setup, there's nothing specific about Android that prevents a linux userspace from running in there. Each app is almost one already. Most of its core components have been integrated into linux's main repository (like binder), and AOSP isn't that far off from a regular Linux. Sure, zygote, user & power management are not exactly a standard install, but they're not that crazy either.
Okay, so suppose I want a linux and not an android phone, so I get an android phone, disable login password etc, and delete everything except "Linux Terminal" and put my linux there.
What sort of tradeoffs would I see? Performance? Battery life? Security (secure enclave access?)
Aside from a misplaced obstination to have _Linux_ as the base for your phone with all the awful power management, high energy use, bad governors, terrible process isolation and fleeing security holes everywhere in a phone that most of the time contains access to your entire life, what does Linux give you that Android doesn't? Both are FOSS.
While vibe coding will get you something that potentially works, I've noticed LLMs are really bad at cleanly abstracting across multiple layers in this area. They usually will insist on parsing and serializing every field at every layer.
If you have the protocols/interfaces well defined up front it is very fast at building extensions, analytics or visualizations though.
> I've noticed LLMs are really bad at cleanly abstracting across multiple layers
Which makes sense, as most developers are too (it’s a particular non-trivial skill and rarely modeled well), so LLMs are more likely to be trained on muddled multiple layers.
mitmproxy/mitmweb offer a WireGuard server implementation to do pretty much this. You can grab any existing WireGuard VPN, scan a QR code to import the VPN config, and start monitoring (after installing the MITM certificate, of course).
The packet tunnel story is crazy. I'm glad Android allows you to just use network APIs without question as a developer.
That's what I usually use. The packet tunnel method is used if you want everything to be fully local. My plan was to make an app that can locally spoof your location on iOS without a third party able to MITM.
I had excellent experiences w mitmproxy (and mitmdump) in 2016-17. At that point it was powerful and easily scriptable, making it far superior to Charles for my purposes.
What I really like about mitmproxy is that it runs on my server with a certificate I trusted on my phone.
I then flip on WireGuard on my phone, pointed to mitmproxy, and seamlessly all traffic from my phone is decrypted and viewable through the website on my computer.
Except, of course, all the applications these days that do certificate pinning, which is annoying, but for that we have Frida.
mitmproxy isn't the gold standard; it is Burp Suite, sadly.
Burp Suite uses a subscription model. Charles a model like Sublime Text: you buy it and get to keep the version forever, major upgrades available for a discount.
I had to chuckle at this one:
> If you purchased a Charles license prior to 1 May 2008 your existing license key is still valid for Charles 5.
So I guess in the past they used a model where you'd have lifetime upgrades.
Which also made me think: I recognize this name! This has to be an older piece of software. Was it published on Freshmeat in the start of this century?
There are also some TUIs for Wireshark, such as frontends for tshark. I think [1] looks interesting, since it can be used with a local LLM (via Ollama).
mitmproxy supports quite a few features that Charles doesn't and vice versa. You could use them as alternatives for basic browser traffic analysis (where they're both fine), but their features and capabilities cover different areas. Charles is user friendly and robust, mitmproxy has advanced scripting capabilities with a decent amount of community examples available. They complement each other.
Wireshark is extremely powerful and useful but it lives in a completely different category of tools. It's not a proxy so it can't modify traffic or inspect HTTPS [1], it's used to passively capture and analyze general network traffic and troubleshoot networking issues.
[1] without an elaborate setup, your program needs to be instructed to dump TLS encryption keys for Wireshark to read
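The key dump that footnote refers to is normally a text file in the NSS key log format, which many TLS clients write when the `SSLKEYLOGFILE` environment variable is set and which Wireshark can be pointed at. As an added example (not part of the thread), a parser that validates such a file and reports which sessions have enough secrets logged; the sample input and the `coverage` classification are this example's own.

```python
import re
from collections import defaultdict

# Labels of the NSS key log format. CLIENT_RANDOM carries the 48-byte TLS 1.2
# master secret; the others are TLS 1.3 secrets (32 or 48 bytes, per hash).
TLS12 = "CLIENT_RANDOM"
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OTHER = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX_LEN = {TLS12: (96,), **{name: (64, 96) for name in TLS13_NEEDED | TLS13_OTHER}}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [(line_no, reason)])."""
    sessions, errors = defaultdict(dict), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments are allowed
            continue
        m = LINE.match(line)
        if not m:
            errors.append((no, "malformed line"))
            continue
        label, client_random, secret = m.groups()
        if label not in HEX_LEN:
            errors.append((no, "unknown label " + label))
        elif len(secret) not in HEX_LEN[label]:
            errors.append((no, "bad secret length for " + label))
        else:
            sessions[client_random.lower()][label] = bytes.fromhex(secret)
    return dict(sessions), errors


def coverage(labels):
    """Classify one session by the secrets logged for it (this example's scheme)."""
    if TLS12 in labels:
        return "tls1.2"
    if TLS13_NEEDED <= set(labels):
        return "tls1.3"
    return "tls1.3-partial" if TLS13_NEEDED & set(labels) else "none"


# Constructed sample input: repeated bytes, not real key material.
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    *(f"{label} {'bb' * 32} {'22' * 32}" for label in sorted(TLS13_NEEDED)),
    "CLIENT_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "33" * 32,
    "CLIENT_RANDOM " + "dd" * 32 + " " + "44" * 10,   # truncated secret
])

if __name__ == "__main__":
    parsed, problems = parse_keylog(SAMPLE)
    print({r[:8]: coverage(l) for r, l in parsed.items()}, problems)
```

A real key log holds live session secrets, so it belongs next to the capture it decrypts and nowhere more widely readable.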
I was a daily user of mitmproxy, until they changed all the keybindings around version 2. Tried a couple of times to get used to the new “TMUX” style, but switched to Charles Proxy.
Has mitmproxy gotten any better in usability over the years?
Just based on the images, it seems to have the same problems?
I generally prefer mitmweb, the web frontend for mitmproxy. I don't have much of a problem with their tmux-like UI, but I find mitmweb a lot easier to use than the keyboard shortcut based terminal navigation.
Same experience. The V1 and V2 were simple to use to clear, start capture, navigate etc.
Everything felt broken after the switch, for the trade off to get more features?
Microservices should have clear owners reflected in the org chart, but the topology of dependencies should definitely not be isomorphic to your org chart.
I wouldn't generalize it that much. There are few patterns where Turbo Streams, subscriptions, and permanent frames still make a lot of sense.
One classic case is user notifications - like the user icon in the corner. That's perfect as a permanent lazy frame, with a subscription watching for any user-related updates. This way you don't have to think about updating that widget across different pages, and you can centralize all user-related async events in one controller.
Another pattern is real-time dashboards. You never know which part of the dashboard will change, and it's actually simpler on the backend: you just track what was updated and push that specific part. Clean and efficient.
I looked at their codebase and it seems the other party was doing. I'm seeing a pattern here where either this is not really a copyright problem but possibly a marketing stunt; if it's not, then it may well be an emotional spiral or lash-out for one person extending another's open source logic even with attribution clearly given. If so then this is not healthy for the open-source community.
Also is it legal to start with MIT and change to Apache midway? The laws around open source licensing are so tricky and cutthroat at this point.
Also does anyone know what this Intentional License is from the other party? I have never seen it before. It seems that's what their main package is while the other packages are Apache. If it's custom, is it even legal to just create a new OSS license out of nothing?
There's too much gray area with OSS especially when it comes to legalities we almost need a standard.
I'm the victim and yes, this is not entirely about AI. If you have read the hall of shame, you'll know that they tend to lie. If it was only that someone tried to use my code as their basis and forgot to include the attribution, and after my notice they added it, it's totally not worth a "hall of shame", and I'm actually glad that someone finally appreciates my works and makes them useful.
But the reality is, they lied to everyone and I'm a chained victim. I was introduced to him by NativeScript, and before that he didn't even know the existence of rEFui. Now rEFui has become the most important fundament of their entire project, clearly indicates that they want to get something for nothing from the very beginning.
Till now they still didn't answer me why they made the basic mistakes and how it was fixed. They avoid everything I ask about them unless I pressure them very hard, they'll give a very vague response that answers nothing.
> is it legal to start with MIT and change to Apache midway?
As the author of the project, I have every right to change the license to anything. But also, I didn't wash the history to hide that the project was MIT. Technically I can, but that actually violates MIT itself and I don't want to be someone that says one thing and does another.
> even with attribution clearly given
They won't until I pressured them very hard. They also washed much more than my projects, but also without attribution until I notified those projects' authors. Actually, till now the code is still not fully attributed, only a few get a proper attribution. They have now extracted code blocks from my original project into many many small separated files (potentially trying to hide the origin even further), but the code logic is actually not changed at all. According to those licenses, each piece of code they extract should keep an attribution to my original project.
I have a backup of the deleted project that contains the entire commit history of how he laundered these projects, and I can provide the entire Discord message history if you need evidence of all my statements.
Based on what you just said, it's not a copyright issue since you admitted that they gave attribution of which we can all see in their licenses and in some file notices. And based on my analysis of their codebase and as someone who's been coding for 20 years and what you just admitted to, it's not an AI issue either. Anyone who knows how to code would be able to tell AI Slop from structured human code. However, you kept referencing two or more repositories, so which one?
> They also washed much more than my projects,
There's a lot of projects that use others as the basis of theirs as long as they have given attribution and have created a different upstream. Also the projects seemed very different from each other. If the case is a washed up project then that actually means it's a completely different project.
> till now the code is still not fully attributed
My advice will be to reach out to the authors and point exactly the files you think are missing attribution. Since they have already added attribution and licenses as I can see, then I'm sure a few missing notices wouldn't kill them. But that's something you'd need to work out with them.
> I have a backup of the deleted project that contains the entire commit history of how he laundered these projects,
This is not relevant if it's a deleted repository. I would suggest you focus on the new project you think is still in violation instead of referring to a completely different project if you want to hold a good stance.
In my opinion there's really no value in code anymore, I think the value should be what problem you are solving in a unique way. There are already millions of open-source projects on the internet and any one of them could have the same logic not because someone copied the other but because they were probably trying to solve the same problem and hence came to the same conclusion.
> Till now they still didn't answer me why they made the basic mistakes and how it was fixed. They avoid everything I ask about them unless I pressure them very hard, they'll give a very vague response that answers nothing.
As someone who has been in the industry for a long time, this comes off as entitled and demanding which may put the other party off and force them not to collaborate with you, I have seen this happen many times when people reach out to others to use their work as the foundation for a new work there is usually a sense of collaboration involved especially in OSS. When one party becomes entitled this is what causes forks and upstreams.
If you ask me as someone who has been in the same position as you it really is an easy fix. Simply reach back out in private since you've already been introduced without any anger or grandiosity (I know the situation can cause one to feel emotional). Someone arguing in good faith is always better than someone venting or spiraling. This will also be a good look for you and your project otherwise everyone on the internet will just keep telling you what you want to hear but not the reality of how the industry works or how to actually fix it.
> it's totally not worth a "hall of shame"
You are right here. Imagine if every project that upstreamed another MIT or Apache project added this to their repository. An example would be if Feather Icons added Lucide Icons to their hall of shame because Lucide Icons created a derivative but still totally different work from Feather Icons. Also, imagine someone added your own project to their hall of shame, you would no longer want to work with them would you? OSS has always been about community and collaboration. This is not it.
But my opinions are just mine; feel free to approach this any way you like, but nobody wants the creators of the projects they use to have a bad look.
> I'm actually glad that someone finally appreciates my works and makes them useful
I think you already have leverage here since they are most likely to even go out of their way to keep you happy but you just have to approach it from a sensible way especially if they are people with more resources than you which it seems if they were introduced by NativeScript.
> clearly indicates that they want to get something for nothing from the very beginning
Since they were introduced to you by a trusted party then your assessment on them trying to get something for nothing may not be true. Because bad actors would usually not bother in the first place. So it's most likely they don't actually have any bad intentions and were probably put off by something else. Also you mentioned they sponsored you in the hall of shame; this is not the behavior of people with bad intentions. I'm just saying there is a possibility that you are seeing or approaching this wrongly.
Maybe the world around you is just too kind to you.
> which we can all see in their licenses and in some file notices.
Not enough. If not they have lied to me, I won't care about the file-level attribution at all.
> I think the value should be what problem you are solving in a unique way
Yes, the code contains my own construction of a signal system implementation and my own algorithms that AIs can't get them shuffled or rewritten.
> which may put the other party off and force them not to collaborate with you
I actually assisted them pretty well at the beginning, until I discovered that they're lying. They reached me through NativeScript (which was proved to be another victim of theirs later), and promised me that they're making a huge ambitious project that even Google and Meta failed. But they're making really really basic mistakes that even a noob should know where the problem is, and they didn't even try to address the problem themselves - I pointed out the problem, and they just refuse to investigate and debug, refusing it really hard. It's them that first started to not cooperate.
> Also, imagine someone added your own project to their hall of shame, you would no longer want to work with them would you?
This happens *after* their non-cooperation.
> which it seems if they were introduced by NativeScript.
NativeScript has also been lied to. They tell me that they plan to acquire NativeScript but failed at giving evidence that they have the ability to do so. When I asked NativeScript side about the acquisition, they're shocked to hear this, and denied the possibility of being acquired as it is now an OpenJS Foundation project.
> Since they were introduced to you by a trusted party
That's their trick. They claim they worked for Nvidia, it tricks NativeScript and then they can use NativeScript's introduction to trick me. It is almost impossible to verify that they really worked for NV but it tricks people into believing they're capable of something big, but actually they can't even debug such a simple problem on their own.
> Also you mentioned they sponsored you in the hall of shame; this is not the behavior of people with bad intentions.
It's also their trick. They want to get much more from me beyond the project itself, totally ignoring that I have my own projects and plan. Also the price they claim to pay for what I'm going to do is really really low, considering how ambitious the project is and how incapable themselves are.
https://nanovms.com/dev/tutorials/running-postgres-as-a-unik...