Let's hope that there are also a few organisations that run Friendica instances so that the offer becomes a bit bigger. In the last two years, everyone has been totally fixated on Mastodon and many have opened a Mastodon server without realising that there were other options.
"Instagram" is, at least in my opinion, about as awkward as "Friendica" to say, and has millions of users. It wins marginally on spelling, but how often does the average user write or type the full name of a site anyway?
Same as Instagram or Telegram. Really, stop nitpicking the name of FOSS projects excessively. I get that they're not the best, but they're not really a dealbreaker for most of the people outside the marketing departments.
Otoh, what if we would all call it Friendi as well (just like we did with Insta? Or Fren?
I believe Facebook’s name came from an actual thing. The company was created for college students. Many campuses, would give face books that had students and professors from the universities.
Friendica was the fediverse, before there was a fediverse... And it was no different from other names of the era, like Sym.pati.co... DiGG, Reddit, etc etc.
All of those just sound easier to pronounce, even though "sympatico" is kinda longer than necessary. My point is that almost all the Fediverse software has awkward to pronounce names which doesn't really help with the initial adoption.
I mean, it is what it is... The name is over a decade old, and was likely selected because it sounded "technical". Friendica came about only a couple of years after facebook opened up for the wider public.
Someone mentioned a name to designate words with two syllables as a good way to name products (Twitter, Apple, Google, Netflix), but I can't find it back.
For me it oozes cringey 2010-era hype about this newfangled buzzword "app", which also doesn't even rhyme with "up" except to the obviously non-native developers who clearly thought it did. Etc. We will agree to disagree!
Ah but even coming from a native speaker, it just flows so smoothly and feels just like saying what is arguably now the most common greeting said in English. To me it's like the word "app" is hiding itself right in the most natural greeting, the greeting also being a symbolic distillation of the app's purpose - there's an elegant, simple symmetry to it in my ears, the opposite of buzzword cringe!
But hey, opinions and assholes eh? Taste is so subjective lol. Just glad they didn't name it iWhatsApp, then we'd agree and be big mad
I agree that it is an exceptional software, perhaps the best of the Fediverse, but it has a terrible name. The reason for this name was to mark a continuity with the first potentially federated social network, namely "identi.ca"
Moreover, despite the name, it is not a really friendly software, but presents several ergonomic complexities. Finally, I add that when I pronounce it with my dictation system, it is always transliterated as "free handicap", which is a very inclusive thing, but every time I have to correct it... 🤣
This is also why I decided to call my instance with a different name such as Poliverso, Too bad that a few months later Zuckerberg decided to launch his failed Metaverso project, which is why every time I have to explain that I did not call it that to parody the Metaverso 🤬
Isn't that what you want for a Facebook replacement though?
I guess being able to browse public profiles and posts would be good, but if it's like Facebook then wouldn't most people be using their real names and posting about semi-personal IRL stuff?
You'd want that stuff to only show for your friends, and maybe friends of friends
I mean you could use totally fake and made up profiles, I just want to see what the UI looks like and maybe literally anything about the site and how it works?
It is a Facebook alternative, after all. But now that you're speaking, I think it would work if a link to the community page would be visible straight from the login page. You can still see the public feed as of speaking, but you have to go to instance.address/community to see it.
Edit: seems like this is not a universal issue with Friendica, but rather just something to add to the Frio theme which is the default for the majority of the instances. For example, where the Vier theme is used by default, there is a community button available: social.outsourcedmath.com/ is one example.
Hopefully someone does a more modern theme that has this button too.
I did not receive your response in time, that's why I edited my previous comment. Sorry about that.
Imo, I'm more concerned about Facebook's data hoarding practices and its future moderation practices than whether it has a public feed or not. LinkedIn and VK (probably G+ either, can't remember) - other two social networks that are more similar to Facebook in UI - do not have publicly accessible feeds either on their home pages, yet they still managed to get plenty of users. Probably no longer still relevant, but diaspora is also featured as the 1st alternative to Facebook. Yet if you go to any diaspora server, say diaspora-fr.org/, there's no way to access a public feed either.
Some Friendica servers (probably some Mastodon servers too) are also actively blocking their local feeds from unlogged users, so that's also an aspect to keep in mind.
I understand that for some people (I simply don't care that much about this aspect, but I understand you do), the lack of a public feed might be an impediment, but I think it's way less harmful than other things that Meta does to its users.
Diaspora* only supports diaspora protocol. It has about a few thousands MAU I'd say. If you use it you can interact with Diaspora* users and with Friendica/Hubzilla users from servers that have the diaspora addon. You can see a list of Diaspora* pods here.
Friendica on the other hand natively supports ActivityPub, and has addons for BlueSky, Diaspora* and Tumblr (Not all servers have them enabled). It has 3k MAU, but you can communicate with much wider range of folk. There's also the Friendica directory, allowing you to find interesting folk to follow much more easily. If you want a stable instance I can recommend friendica.world/ , it's managed by the admins of lemmy.world .
Thanks. Yeah after further considerations I went with Friendica. And yes I created my account on Friendica.world also. I think it has a better shot at surviving. But we never know. It takes one fuck-up and everything could go to shit.
I would have recommended you mine or venera.social. They're around 10 years old or something, so quite some time. But they've temporarily closed signups. nerdica.net and anonsys.net have also been around for quite some time, although the former had some problems last year and lost years of database. ouch.
Then there's social.trom.tf, which has some of the most wonderful custom themes I've seen on Friendica, but their opinions on stuff are a bit weird for me...
The tough part about something like Friendica is that it's usefulness very dependent on how many of your friends are on it. You'd need a group of friends to all join together for it to stick.
Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of ...
Depends on what you want to play. If you want to play current games with current hardware then current kernel and drivers help a lot. A base Debian would (if it even works) probably less FPS than an current gaming distro.
A base Debian would (if it even works) probably less FPS than an current gaming distro.
Can you please elaborate on why? I'm running Debian stable with NVIDIA drivers and... it "just works". I'm using Steam to get Proton and game content (e.g. was playing Elden Ring minutes ago). I didn't tinker much so wondering what I could be missing.
Drivers are 535 on stable, cf wiki.debian.org/NvidiaGraphics… so it's definitely not the very latest yet even though drivers are important I doubt (and please share benchmarks if I'm way off) there is a radical performance difference.
Oh I'm not advocating that you switch distributions. If you're happy with performance there's no reason to change.
The only thing that gives me pause with outdated drivers is the possibility of being exposed to unpatched security vulnerabilities. But in my experience Debian does provide updates when it's critical.
Theres a difference between stable and outdated. Generally bleeding edge will introduce many more vulnerabilities than will go unnoticed in stable.
Debian is known (almost exclusively) for only updating their repo when they're certain it is safe, but also rapidly pushing security patches; its a server oriented distro where security is paramount.
Yeah I'm thinking bout trying something new because Nvidia just put out new drives to fix a security issue but mint hasn't seemed to update the driver manager.
Throw a distro like Nobara or Bazzite on and see what you get. You might have it optimized quite well, but chances are that the kernel version is far enough behind that many of the graphics tweaks aren't compatible. nVidia open drivers have come a long way in a very short time, and they rely on newer kernels.
You should just be able to shrink a partition and dual boot between distros, or put another drive in and use that.
That being said if youre looking for performance, the last thing you'd want is open source nvidia drivers; theyre built entirely off reverse engineering, which takes time. This allows for large performance gains like those of late.
The proprietary stack hasn't had much change in performance over the last couple updates, a couple have even result in a performance regression to push new features. As of the latest preview driver (565.77) the minimum kernel supported goes back to the 4.15 Linux kernel release. This technically means you'd be able to run the latest nvidia drivers on anything newer than Debian 10 buster, which went out of support in September 2022.
Sounds like you might have gotten some of your info sources crossed - but thats exactly why distros like Bazzite exist, you dont have to worry about any of this background compatibility bs.
That being said if youre looking for performance, the last thing you'd want is open source nvidia drivers; theyre built entirely off reverse engineering, which takes time.
Pretty sure that is not true anymore since a couple of years. Only newer cards can capitalise the gains from the 'official' open drivers though.
With the R515 driver, NVIDIA released a set of Linux GPU kernel modules in May 2022 as open source with dual GPL and MIT licensing. The initial release targeted…
much of the important graphics code isn't actually open-source. Nvidia appears to have moved much of its proprietary code into the firmware on its graphics cards, which the open-source code interacts with.
So while they did 'open source' their drivers, theyre also not accepting contributions that aren't in house. The codebase is too locked down to benefit other projects like NVK, as a true FOSS project would be.
Bit of misinformation on this thread, but generally the only thing that can actually get in the way of someone dedicated enough will be compatibility and security systems.
You probably won't have any luck getting nvidia drivers on android for example, nor take the time to back port those drivers to an outdated kernel.
I suppose you could also have an OS that takes most your system resources for non-gaming tasks, making games unplayable. Something like nixos is non-gaming centric and could reasonably be more optimised than bazzite, less background processes making games actually run better on it.
Agreed, I've been running gaming-focused distros mostly because of the convenience of everything being ready and set up, but I've never had any issues on a non-gaming distro to set it up for gaming either.
I have a dual-boot Windows partition just for games and I keep using it less and less. Valve has done incredible work with Proton. It has been months since I have booted into Windows, and that's with a weekly games night where we are generally trying something new every week.
Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of ...
Utpekade i fotbollsagentaffären uttalar sig. I Göteborg har det varit tre våldsamma attacker mot personer som har eller har haft kopplingar till fotbollsagenturen Universal 22 (Universal). En skjutning mot en lägenhet i Hjällbo, Angered, en bomb mot en fotbollsagent i Eklanda, Mölndal och en bomb mot två släktingar till en fotbollsagent, Det sistnämnda skedde i Burås som ligger i Krokslätt, Göteborg.
What am I looking at exactly? I see a cropped image, and mastodon is under 70%. Based on an educated guess and nothing more, I'm going to guess what you're trying to convay is that in the pie that represents the total fediverse, mastodon used to account for more than 70%, and now smaller services are growing. So mastodons total pie share shrinks, as the pie grows in other areas.
Is that about what you're trying to say? Or am I way off?
I thought the exact same thing. A badly cropped picture assuming everyone is familiar with the site it is taken from. Not even a fucking link back to the site.
Well I’ve been saying for a while that the fediverse needs to move on from Mastodon in order to grow, so this is a good sign. Though this is total users, not active users AFAICT.
It’s incredibly active. It’s not gigagigant size, like masto, but it has a userbase large enough to survive for many years without an infusion. Reddit is still censoring lemmy sites, in case anyone else is curious
People forget web forums were way smaller than lemmy and ran just fine and were very active. Lemmy has a very different use case to mastodon. Since you don't need individuals to latch onto. We are having a discussion on lemmy as equals around a topic not followers of a person like how a Micoblog is designed to be.
Even many regional message boards or forums we're very active. Boards.ie in Ireland was the nerds internet forum. A fediverse before there was one. It was the go to for info about anything tech related or internet culture. Whirlpool in Australia is still the go to for info about internet and broadband, and is still active, if much reduced.
Its wild to me how active lemmy feels compared to mastodon. I told my normie friends about it when I found out about it during the migration and they insisted that it would die and recently I was able to update them and say its still going strong and its got its own unique vibe that feels different from reddit.
It's because you can actually have discussions on Lemmy, whereas microblogging like mastodon is just "old man shouts at cloud" multiplied by 2 million people. I never understood the appeal.
I'm not sure how this is measured, but from what I've seen by using mastodon a bit, they have a lot of bots that repost content from other sources, so in that way it feels a lot less active.
I know this is pointing at percentages, but those numbers are still way off from whatever else I was just looking at earlier today. Like they had lemmy #2, Pixelfed #3 and loops, whatever the hell that is, at like #5. Here on the best Fedi platform, friendica, they said there were just over 2,000 active users, making loops already at 6 times larger than us. I still think we need to get ready because someday the facebook migration will come and boy howdy.
Hopefully in 10 years, the moderation tools will be good enough to deal with a scaling userbase. What the fediverse needs is moderation subscriptions i.e subscribing to or unsubscribing from moderation actions of different groups or people.
For example, joining a community would subscribe you automatically to the moderation list of that community, but you could also unsub from the list if you don't like the mods there and sub to a group of people you trust more with mod decisions. Imagine if there's an overeager mod in the community you subbed to and you wanted to exclude the modding decisions - mod lists would allow that.
Hmmm, fedidb says "total users: +93K since last month", "total monthly active users: +68K since last month". That's not that much, but not too shabby either.
Of course, it's helped along by the fact that people don't have it installed already. But still fun to se the Fediverse represented in the list of popular apps. I think similar things are happening on Android in many countries.
The issue to that is some moderation is mandatory by law, e.g. CP, copyrighted works. So mods still have to have the ability to remove data from the instances server completely, not just hide it. And instances probably also want to be able to have enforced rules on top of that.
I think what could do better is federating on communities level. So if you post or comment to memes community, it can post or comment to version of the community on multiple instances, each with different moderators.
The front page of Reddit was the same 10 usernames for majority of the sites existence. I wouldnt be surprised if it was still the same users just using multiple accounts because so many people blocked their mains.
but mastodon is not the same type of app as Lemmy ? why would they be compared? are they being compared? I'm just guessing because it's all cropped away
Well, see, Mastodon has had a functional monopoly on ActivityPub usage, and also Mastodon users are able to and do engage with Lemmy communities. Mastodon's share of AP usage going down is of interest because the fediverse has a monoculture issue, and that's a thing people on a forum like this one should keep in mind.
What's missing is that Pixelfed shot up in usage this week with it's official app releases on Apple and Google app stores. It at one point surpassed Facebook and Instagram in the top 10 on Apple I think. That surge was enough to reduce Mastodon's usage to under 70%. I think Pixelfed monthly active users is now like twice that of Lemmy.
Google vill inte ha nån faktakontroll. Först spårade X ur efter att det köpts av högerextremisten och storkapitalisten Elon Musk. Sen deklarerade Meta att de skulle slopa faktakontroll på Facebook, Instagram, Threads och WhatsApp. Därefter följde Amazon efter och sa samma sak. De driver Twitch och Goodreads.
They are enabled to (also) run on phones. E.g. libadwaita makes it possible to write application which can adapt to the screen size and therefore run on big and small screens.
Yes, they are mine. I guess the question is targeted if they are done on a mobile device. The screenshots are done on Fedora Silverblue Gnome on a Dell XPS 13 laptop developer version (~7 years old). But I also have the Librem 5.
You can put the newer apps in a 'simulate phone screen' mode (it's still in development).
You sure did. Maybe libadwaita even includes tools to make it easier or something, I don't know. I just think maybe the toolkit that breaks everything all the time isn't the best example.
Call it hate if you want, but it is an intentional design decision to break compatibility with other DEs. That is a choice they consciously made and have been very clear in communicating. There are trade offs involved. I'm not saying it's a completely irrational choice or anything, but it is aggravating for those of us that don't use Gnome when we have to deal with libadwaita apps. Libadwaita is designed from the ground up to be a Gnome exclusive thing. It is not for Linux. It is just for Gnome. That is the developers' stated intention.
I really wanted to try developing for these. But after flashing my old poco F1 with postmarket os, the phone died instead. Now I can't justify buying a phone just for this.
It's a joint project between many organisations, primarly KDE and Gnome. In practice right now it's legally hosted by Gnome and they're trying to make flathub into its own organisation.
I think it's the other way round, when the amount of interesting SW is rising,the probability of good HW will be higher. And yes, as we can see, the SW can be developed independent of HW.
Linux tablets? I have a lenovo tablet that now runs fedora, but the hardware is not meant for gaming. I think Legends of Lumia was the game that I played, but the sound was missing.
The FuriPhone FLX1 is here! Ready to ship, the FLX1 is ready to purchase. Buy the FLX1 Now Read the FLX1 owner reviews! It’s finally here 4G and 5G is locked and loaded in FuriOS We have wor…
I guess I still do, but the problem is that while they recently expanded amount of devices they support, for some of them the "support" is just not what you think. Eg. I got Xperia 10 V just for the SFOS, but even though on their main list the device is listed as supported, turns out that camera, Android support and fingerprint sensor, these don't work. To be fair, this info was possible to find on their forums, and I did not have to pay for SFOS (they offer 6 month trial), so they have nothing to gain from communicating so badly, but it is what it is.
So in case you want to try it, just really make sure you know to what extent your device is supported.
The Early Access Program (EAP) for CLion 2025.1 has officially launched. The first EAP build, 251.14649.40, is here to provide an early look at some of the improvements coming in the next major release. You can download the build for free from the link be
The Early Access Program (EAP) for CLion 2025.1 has officially launched. The first EAP build, 251.14649.40, is here to provide an early look at some of the improvements coming in the next major release. You can download the build for free from the link below, via the Toolbox App, or as a snap package if […]
The Early Access Program (EAP) for CLion 2025.1 has officially launched. The first EAP build, 251.14649.40, is here to provide an early look at some of the improvements coming in the next major release. You can download the build for free from the link below, via the Toolbox App, or as a snap package if you’re using Ubuntu.
For the first EAP release, we’ve focused on improvements for CLion Nova and embedded development. Keep reading to ge
... show more
The Early Access Program (EAP) for CLion 2025.1 has officially launched. The first EAP build, 251.14649.40, is here to provide an early look at some of the improvements coming in the next major release. You can download the build for free from the link below, via the Toolbox App, or as a snap package if […]
The Early Access Program (EAP) for CLion 2025.1 has officially launched. The first EAP build, 251.14649.40, is here to provide an early look at some of the improvements coming in the next major release. You can download the build for free from the link below, via the Toolbox App, or as a snap package if you’re using Ubuntu.
For the first EAP release, we’ve focused on improvements for CLion Nova and embedded development. Keep reading to get all the key details!
CLion Nova
Thanks to ongoing feature additions and performance enhancements, our new language engine, CLion Nova, is increasingly ready to serve as the default engine for all users. With the start of the 2025.1 EAP, CLion Nova includes a new batch of the most requested features from CLion Classic, including several smart keys and actions.
Smart keys
Smart keys are actions designed to help you write code faster and enhance your overall experience in the IDE. One such feature we’ve added in the first 2025.1 EAP allows the IDE to ignore indentation when you press ⌫ (macOS) or Backspace (Windows or Linux). To try it, go to Settings | Editor | General | Smart Keys, scroll down to Unindent on Backspace, and select Disabled from the drop-down menu. Another update relates to the Surround selection on typing quote or brace smart key, which allows you to surround selected text with quotation marks or braces such as [], {}, and (). We’ve now added support for < > and the ability to disable the feature entirely. When the feature is enabled, simply select the required text and surround it by pressing the desired punctuation mark.
Moving the caret to the start or end of a code block
CLion Nova now supports moving the caret to the beginning or end of a code block using the following shortcuts:
Move to Code Block End – ⌘⌥] (macOS) or Ctrl+] (Windows or Linux)
Move to Code Block Start – ⌘⌥ [ (macOS) or Ctrl+[ (Windows or Linux)
Move to Code Block End with Selection – ⌘⌥⇧] (macOS) or Ctrl+Shift+] (Windows or Linux)
Move to Code Block Start with Selection – ⌘⌥⇧[ (macOS) or Ctrl+Shift+[ (Windows or Linux)
Support for GoogleTest and Catch2 in Bazel projects
CLion Nova now supports the GoogleTest and Catch2 testing frameworks when working with Bazel projects.
Embedded development
The embedded development updates in this first EAP build mainly include new functionality for the Serial Port Monitor plugin and UX improvements to the Debug Servers configuration option.
Serial Port Monitor
We’ve extended the functionality of the Serial Port Monitor plugin to make it more useful for embedded developers working with devices that use a serial port such as Arduino and ESP32.
We’ve added the ability to view and manage the DTR, DSR, RTS, and CTS hardware control signals, giving you more control over your attached devices. For example, the DTR signal is connected to the hardware reset on Arduino and many ESP32-based boards.
To enable hardware control signals:
In the Serial Connections tool window, navigate to the Connect tab.
Select the desired COM port.
Click the Show HW controls checkbox.
The control options and indicators will then appear in the COM port tab. We’ve also added the ability to view timestamps in the monitor output – see [11:27:44.489] in the screenshot above. This option is useful if you want to track the sequence of messages in detail when debugging or troubleshooting. You can turn it on in the left-hand panel of the Serial Connections tool window.
Debug servers
In v2024.3, we introduced the new Debug Servers configuration option that allows you to set up a dedicated debug server for a particular debug probe. This feature simplifies the process of running or debugging build targets.
For the upcoming 2025.1 release, we’re working on UX improvements to the Debug Server settings based on user feedback and bug fixes. Some of these updates are already available in this EAP build.
To learn about the other features we plan to introduce in v2025.1, read the blog post about our roadmap.
We value your feedback, as your experiences and insights are essential to our mission of continuously improving CLion. This is especially valuable during the Early Access Program, as it helps us refine and prepare new features for the stable release. Please share your ideas and feedback in the comments below or submit them to our issue tracker.
We would also be interested in setting up a quick call with you to learn more about your specific use cases. Let us know if you would like to participate!
JetBrains Named a Customers’ Choice Again for Integrated Development Environment Software
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
We’re kicking off the new year with the first Early Access Program (EAP) build for IntelliJ IDEA 2025.1! This is your chance to get an exclusive first look at the upcoming features and improvements designed to make your coding workflow more efficient than
We’re kicking off the new year with the first Early Access Program (EAP) build for IntelliJ IDEA 2025.1! This is your chance to get an exclusive first look at the upcoming features and improvements designed to make your coding workflow more efficient than ever. You can download this version from our website, update directly from […]
We’re kicking off the new year with the first Early Access Program (EAP) build for IntelliJ IDEA 2025.1! This is your chance to get an exclusive first look at the upcoming features and improvements designed to make your coding workflow more efficient than ever.
You can download this version from our website, update directly from within the IDE, use our free Toolbox App, or install it via snap packages for Ubuntu.
New to the EAP? Our
... show more
We’re kicking off the new year with the first Early Access Program (EAP) build for IntelliJ IDEA 2025.1! This is your chance to get an exclusive first look at the upcoming features and improvements designed to make your coding workflow more efficient than ever. You can download this version from our website, update directly from […]
We’re kicking off the new year with the first Early Access Program (EAP) build for IntelliJ IDEA 2025.1! This is your chance to get an exclusive first look at the upcoming features and improvements designed to make your coding workflow more efficient than ever.
You can download this version from our website, update directly from within the IDE, use our free Toolbox App, or install it via snap packages for Ubuntu.
New to the EAP? Our introductory blog post explains how the program works, why your feedback is important to us, and how you can get involved.
Stay tuned for EAP updates over the next few weeks to try out new features in IntelliJ IDEA. Test them out, provide your feedback, and play a big part in shaping the future of the IDE.
Java
Early Java 24 support
We already offer partial support for the upcoming Java 24! Be among the first to explore its latest features in IntelliJ IDEA and stay ahead of the curve. Simply set your SDK to Oracle OpenJDK 24 and adjust the Language Level accordingly in Project Structure | Project Settings | Project.
Frameworks and technologies
Faster creation of Spring beans
Starting with this EAP, you can create Spring beans directly from the New… or Generate… menus. There is no need to create an empty class and annotate it manually – just select the option, and you’re ready to go!
Check out this improvement to streamline your Spring workflow and save time!
Build tools
Support for Gradle Daemon toolchains
Starting with Gradle 8.13, you can define the exact JVM for the Gradle Daemon using the native Gradle toolchain. Previously, this was only possible for the project itself. With this change, the IDE syncs with Gradle’s configuration and even lets Gradle download the required JVM automatically when needed.
Our settings chooser in Preferences/Settings | Build Tools | Gradle remains fully synced with Gradle’s config. While this setup is optional, we encourage you to use it to prevent Daemon JVM errors and ensure projects sync smoothly every time.
Debugger
Easier toolbar customization in the Debugger tool window
With so many powerful features in our debugger, you can now tailor the toolbar to fit your workflow!
Right-click next to the kebab menu in the top pane and select Add to Debugger Toolbar. You’ll then see a list of all available actions – pick the ones that suit your project and make debugging even smoother.
Text popups in inline hints
When debugging and inspecting a value that contains marked-up text, you can now view it with proper formatting instead of as a plain, lengthy string. For example, if the value is an XML input for a parser, it will be displayed in a structured, readable format.
Previously, this feature was only available for watches. Now, we’ve extended the same functionality to inline debugging, ensuring consistency across both views.
That’s it for the first week of the IntelliJ IDEA 2025.1 EAP! Check out the release notes for the full list of changes.
Stay tuned for weekly updates as we unveil more features. Share your thoughts in the comments to this blog post or on X, and report any bugs via our issue tracker. Let’s shape the future of IntelliJ IDEA together!
Code-centric IDE, focused on your productivity. Full Java EE support, deep code understanding, best debugger, refactorings, everything right out of the box...
The GoLand 2025.1 Early Access Program Has Started!
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers. The first EAP build can be downloaded via the Toolbox App, from our website, or as a […]
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers.
The first EAP build can be downloaded via the Toolbox App, from our website, or as a snap package for Ubuntu. You can also get it from inside GoLand by selecting Check IDE updates for Early Access Program in Settings | Appearance & Behavior | System Settings | Updates.
In this release, we’ve fixed the following issues:
GO-17728: go list -m json all no longer runs repeatedly in the background when GOTOOLCHAIN is configured.
GO-16904: Method signatures for interfaces with unexported custom types are generated correctly again.
By the way, did you know GoLand can also help you work with databases or develop for the web? These functionalities are taken from our sister products – WebStorm,DataGrip, and IntelliJ IDEA. Check out the linked EAP blog posts to learn more.
Further plans
During this EAP, we plan to:
Enhance GoLand’s support for Go, including comprehensive support for Go 1.24, and improve its code quality tools and static analysis tools.
Improve the overall stability of the IDE, ensuring smoother workflows and addressing key issues in performance, reliability, and accuracy.
Introduce various UI/UX improvements.
We encourage you to vote for the issues you want to see fixed and the features you want us to implement.
Early Access Program 101
If you’re not familiar with our Early Access Program (EAP), here’s a brief overview:
EAP builds let you try out the latest features and enhancements in GoLand while we continue working on them. These builds are not fully tested and might be unstable, but this is where you can help us. By taking these builds and their new features for a test drive in your real-world projects and scenarios, you can help us polish them. This way, when the final version is released, it will work smoothly for you.
The EAP lets you be among the first to try out the newest features.
EAP builds are free to use for 30 days from the build date. You can use this period as an extended trial of GoLand.
We provide a series of EAP builds until a stable release is almost ready. For the upcoming 2025.1 version, the EAP period will last until the beginning of March.
In each release cycle, we offer a free one-year GoLand subscription to the most active evaluators and users who helped us make GoLand better by sharing their product experience, feedback, and suggestions.
Fresh builds come out almost every day. If you don’t want to wait for the official EAP build announcements, you can download our nightly builds, which are only available via the Toolbox App. Note that the nightly builds often do not meet the quality standards for official EAP builds, and they don’t come with release notes. Like EAP builds, they expire within 30 days of being released.
Try out this EAP build and stay tuned for future updates!
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers. The fir
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers. The first EAP build can be downloaded via the Toolbox App, from our website, or as a […]
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers.
The first EAP build can be downloaded via the Toolbox App, from our website, or as a snap package for Ubuntu. You can also get it from inside GoLand by selecting Check IDE updates for Early Access Program in Settings | Appearance & Behavior | System Settings | Updates.
... show more
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers. The first EAP build can be downloaded via the Toolbox App, from our website, or as a […]
The Early Access Program (EAP) for GoLand 2025.1 is now open! In this release cycle, we’re focusing on enhancing Go language support, improving code analysis, and boosting stability to provide a seamless development experience for all the gophers.
The first EAP build can be downloaded via the Toolbox App, from our website, or as a snap package for Ubuntu. You can also get it from inside GoLand by selecting Check IDE updates for Early Access Program in Settings | Appearance & Behavior | System Settings | Updates.
In this release, we’ve fixed the following issues:
GO-17728: go list -m json all no longer runs repeatedly in the background when GOTOOLCHAIN is configured.
GO-16904: Method signatures for interfaces with unexported custom types are generated correctly again.
By the way, did you know GoLand can also help you work with databases or develop for the web? These functionalities are taken from our sister products – WebStorm,DataGrip, and IntelliJ IDEA. Check out the linked EAP blog posts to learn more.
Further plans
During this EAP, we plan to:
Enhance GoLand’s support for Go, including comprehensive support for Go 1.24, and improve its code quality tools and static analysis tools.
Improve the overall stability of the IDE, ensuring smoother workflows and addressing key issues in performance, reliability, and accuracy.
Introduce various UI/UX improvements.
We encourage you to vote for the issues you want to see fixed and the features you want us to implement.
Early Access Program 101
If you’re not familiar with our Early Access Program (EAP), here’s a brief overview:
EAP builds let you try out the latest features and enhancements in GoLand while we continue working on them. These builds are not fully tested and might be unstable, but this is where you can help us. By taking these builds and their new features for a test drive in your real-world projects and scenarios, you can help us polish them. This way, when the final version is released, it will work smoothly for you.
The EAP lets you be among the first to try out the newest features.
EAP builds are free to use for 30 days from the build date. You can use this period as an extended trial of GoLand.
We provide a series of EAP builds until a stable release is almost ready. For the upcoming 2025.1 version, the EAP period will last until the beginning of March.
In each release cycle, we offer a free one-year GoLand subscription to the most active evaluators and users who helped us make GoLand better by sharing their product experience, feedback, and suggestions.
Fresh builds come out almost every day. If you don’t want to wait for the official EAP build announcements, you can download our nightly builds, which are only available via the Toolbox App. Note that the nightly builds often do not meet the quality standards for official EAP builds, and they don’t come with release notes. Like EAP builds, they expire within 30 days of being released.
Try out this EAP build and stay tuned for future updates!
JetBrains Named a Customers’ Choice Again for Integrated Development Environment Software
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
Did you know? The Y2K bug, or “Millennium Bug,” was a programming issue caused by storing years with only two digits (e.g., “1999” as “99”) to save memory. As 2000 approached, systems risked interpreting “00” as 1900, leading to potential errors in calcul
Did you know? The Y2K bug, or “Millennium Bug,” was a programming issue caused by storing years with only two digits (e.g., “1999” as “99”) to save memory. As 2000 approached, systems risked interpreting “00” as 1900, leading to potential errors in calculations and data processing. Fears of disruptions in critical systems like banking and […]
Did you know? The Y2K bug, or “Millennium Bug,” was a programming issue caused by storing years with only two digits (e.g., “1999” as “99”) to save memory. As 2000 approached, systems risked interpreting “00” as 1900, leading to potential errors in calculations and data processing.
Fears of disruptions in critical systems like banking and utilities prompted a global effort to update software. In the end, the fixes worked, and major issues were avoided.
If you started your dev career later, have you wondered
... show more
Did you know? The Y2K bug, or “Millennium Bug,” was a programming issue caused by storing years with only two digits (e.g., “1999” as “99”) to save memory. As 2000 approached, systems risked interpreting “00” as 1900, leading to potential errors in calculations and data processing. Fears of disruptions in critical systems like banking and […]
Did you know? The Y2K bug, or “Millennium Bug,” was a programming issue caused by storing years with only two digits (e.g., “1999” as “99”) to save memory. As 2000 approached, systems risked interpreting “00” as 1900, leading to potential errors in calculations and data processing.
Fears of disruptions in critical systems like banking and utilities prompted a global effort to update software. In the end, the fixes worked, and major issues were avoided.
Welcome to dotInsights by JetBrains! This newsletter is the home for recent .NET and software development related information.
🌟 Featured Content
The .NET advocates have been wondering if AI can accurately predict computing trends, since AI is still a hot technology. So this month, we bring you featured content from JetBrains AI!
Here’s what we asked: “How do you see .NET and C# evolving in 2025? Tell me some predictions. Keep it between 400-500 words and cite your reasons why.”
? Predicting the evolution of .NET and C# by 2025 involves examining current trends, Microsoft’s strategy, and the broader software development landscape. Here’s what we might expect:
1. Continued Expansion of .NET 7/8 Unified Platform
By 2025, the unified nature of the .NET platform introduced starting from .NET 5 should become more robust and expansive. Microsoft has been consolidating frameworks like .NET Core, Xamarin, and the traditional .NET Framework into a singular platform. This means developers will have more seamless experiences across web, mobile, desktop, and cloud apps. Expect more refined cross-platform development tools, greater performance optimization, and deeper integration with languages like C#.
Reason: The push for cross-platform compatibility remains strong, given the heterogeneous environment of devices and operating systems. The success of frameworks like Flutter and innovations in Rust could nudge Microsoft to double down on a unified framework that remains competitive.
2. Significant Enhancements to C# and AI-Driven Development
C# is already recognized for its features that embrace developer productivity, like nullability annotations, pattern matching, and asynchronous programming. By 2025, we can expect C# to integrate more systems programming features without compromising ease of use. Additionally, AI-driven tools powered by GitHub Copilot or Azure AI will likely influence the language itself, incorporating features tailored for predictive code generation and error-proofing.
Reason: The growth of AI tools is fundamentally altering how developers write code. Microsoft’s investment in OpenAI, GitHub Copilot, and Visual Studio tooling suggests advanced AI models will integrate tightly, making C# a “smart-first” language for enterprise applications.
3. Focus on Cloud-Native and Microservices with .NET
Cloud computing is dominating software infrastructure, and .NET has been enhancing its support for cloud-native development alongside technologies like Docker and Kubernetes. By 2025, we should see streamlined microservice development features and tools baked into .NET for increased scalability, including native support for multi-cloud architectures.
Reason: Enterprises continue to adopt the cloud en masse, and platforms must adapt to support distributed systems and containerization. Microsoft’s Azure ecosystem will likely drive these .NET innovations.
4. More Emphasis on Blazor and WebAssembly
Blazor, which allows developers to write full-stack web apps using C#, is likely to mature further by 2025. With the rising popularity of WebAssembly (Wasm), Blazor could become central to creating lightweight, high-performing web applications.
Reason: WebAssembly adoption is broadening thanks to its ability to bring near-native performance to web applications. .NET will need Blazor to directly compete with JavaScript-based frameworks like React or Vue while gaining ground with C# expertise.
5. Game Development and Emerging Ecosystem Use Cases
The acquisition of Activision Blizzard emphasizes Microsoft’s interest in gaming. By 2025, .NET and C# may expand their foothold in game development, potentially challenging Unity (which relies on C#). At the same time, .NET could be increasingly used in IoT, VR/AR, and edge computing.
Reason: Gaming and immersive applications represent fertile ground for C#. Direct investments in this area align with Microsoft’s broader goals to diversify .NET usage.
Conclusion
By 2025, .NET and C# will likely evolve to become more cloud-native, smarter, and better optimized for performance across platforms. This evolution reflects Microsoft’s broader ambitions in cloud computing, AI, gaming, and developer productivity. With its strong community and enterprise focus, these technologies are poised to remain a force in modern software development.
Beep boop. 🤖
So that’s it! In a year’s time we’ll know what’s accurate and what’s not. Keep in mind that gen AI is a statistical prediction algorithm, so it should be giving us statistically significant results. Only time will tell.
JetBrains Named a Customers’ Choice Again for Integrated Development Environment Software
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
In recent years, many of our applications have been driven by the high volume of data that we are able to collect and process. Some may refer to us being in the age of data. One of the essential aspects of handling such a large amount of data is anomaly d
In recent years, many of our applications have been driven by the high volume of data that we are able to collect and process. Some may refer to us being in the age of data. One of the essential aspects of handling such a large amount of data is anomaly detection – processes that enable […] In recent years, many of our applications have been driven by the high volume of data that we are able to collect and process. Some may refer to us being in the age of data. One of the essential aspects of handling such a large amount of data is anomaly detection – processes that enable us to identify outliers, data that is outside the bounds of expectation and demonstrate behavior that is out of the norm. In scientific research, anomaly data points could be a cause of technical issues and may need to be discarded when drawing conclusions, or it could lead to new discoveries.
In this blog post
... show more
In recent years, many of our applications have been driven by the high volume of data that we are able to collect and process. Some may refer to us being in the age of data. One of the essential aspects of handling such a large amount of data is anomaly detection – processes that enable […] In recent years, many of our applications have been driven by the high volume of data that we are able to collect and process. Some may refer to us being in the age of data. One of the essential aspects of handling such a large amount of data is anomaly detection – processes that enable us to identify outliers, data that is outside the bounds of expectation and demonstrate behavior that is out of the norm. In scientific research, anomaly data points could be a cause of technical issues and may need to be discarded when drawing conclusions, or it could lead to new discoveries.
In this blog post, we’ll see why using machine learning for anomaly detection is helpful and explore key techniques for detecting anomalies using Python. You’ll learn how to implement popular methods like OneClassSVM and Isolation Forest, see examples of how to visualize these results and understand how to apply them to real-world problems.
Where is anomaly detection used?
Anomaly detection has also been a crucial part of modern-day business intelligence, as it provides insights into what could possibly go wrong and may also identify potential problems. Here are some examples of using anomaly detection in modern-day business.
Security alerts
There are some cyber security attacks that can be detected via anomaly detection; for example, a spike in request volume may indicate a DDoS attack, while suspicious login behavior, like multiple failing attempts, may indicate unauthorized access. Detecting suspicious user behavior may indicate potential cyber security threats, and companies can act on them accordingly to prevent or minimize the damage.
Fraud detection
In financial organizations, for example, banks can use anomaly detection to highlight suspicious account activities, which may be an indication of illegal activities like money laundering or identity theft. Suspicious transactions can also be a sign of credit card fraud.
Observability
One of the common practices for web services is to collect metrics of the real-time performance of the service if there is abnormal behavior in the system. For example, a spike in memory usage may show that something in the system isn’t functioning properly, and engineers may need to address it immediately to avoid a break in service.
Why use machine learning for anomaly detection?
Although traditional statistical methods can also help find outliers, the use of machine learning for anomaly detection has been a game changer. With machine learning algorithms, more complex data (e.g. with multiple parameters) can be analyzed all at once. Machine learning techniques also provide a means to analyze categorical data that isn’t easy to analyze using traditional statistical methods, which are more suited to numerical data.
A lot of time, these anomaly detection algorithms are programmed and can be deployed as an application (see our FastAPI for Machine Learning tutorial) and run as requested or at scheduled intervals to detect any anomalies. This means that they can prompt immediate actions within the company and can also be used as reporting tools for business intelligence teams to review and adjust strategies.
Types of anomaly detection techniques and algorithms
There are generally two main types of anomaly detection: outlier detection and novelty detection.
On the other hand, novelty detection is sometimes referred to as semi-supervised anomaly detection. Since we assume that all training data doesn’t solely consist of anomalies, they’re all labeled as normal. The goal is to detect whether or not new data is an anomaly, which is sometimes referred to as a novelty. The algorithms used in outlier detection can also be used for novelty detection, provided that there are no anomalies in the training data.
Other than the outlier detection and novelty detection mentioned, it is also very common to require anomaly detection in time series data. However, since the approach and technique used for time series data are often different from the algorithms mentioned above, we’ll discuss these in detail at a later date.
Code example: finding anomalies in the Beehives dataset
In this blog post, we’ll be using this Beehives dataset as an example to detect any anomalies in the hives. This data set provides various measurements of the hive (including the temperature and relative humidity of the hive) at various times.
Here, we’ll be showing two very different methods for discovering anomalies. They are OneClassSVM, which is based on support vector machine technology, which we’ll use for drawing decision boundaries, and Isolation Forest, which is an ensemble method similar to Random Forest.
Example: OneClassSVM
In this first example, we’ll be using the data of hive 17, assuming bees will keep their hive in a constant pleasant environment for the colony; we can look at whether this is true and if there are times that the hive experiences anomaly temperature and relative humidity levels. We’ll use OneClassSVM to fit our data and look at the decision-making boundaries on a scatter plot.
The SVM in OneClassSVM stands for support vector machine, which is a popular machine learning algorithm for classification and regressions. While support vector machines can be used to classify data points in high dimensions, by choosing a kernel and a scalar parameter to define a frontier, we can create a decision boundary that includes most of the data points (normal data), while retaining a small number of anomalies outside of the boundaries to represent the probability (nu) of finding a new anomaly. The method of using support vector machines for anomaly detection is covered in a paper by Scholkopf et al. entitled Estimating the Support of a High-Dimensional Distribution.
When starting a new project in PyCharm (Professional 2024.2.2), select Jupyter under Python.
Start with PyCharm Pro for free The benefit of using a Jupyter project (previously also known as a Scientific project) in PyCharm is that a file structure is generated for you, including a folder for storing your data and a folder to store all the Jupyter notebooks so you can keep all your experiments in one place. Another huge benefit is that we can render graphs very easily with Matplotlib. You will see that in the steps below.
2. Install dependencies
Download this requirements.txt from the relevant GitHub repo. Once you place it in the project directory and open it in PyCharm, you will see a prompt asking you to install the missing libraries. Click on Install requirements, and all of the requirements will be installed for you. In this project, we’re using Python 3.11.1.
3. Import and inspect the data
You can either download the “Beehives” dataset from Kaggle or from this GitHub repo. Put all three CSVs in the Data folder. Then, in main.py, enter the following code: import pandas as pddf = pd.read_csv('data/Hive17.csv', sep=";")df = df.dropna()print(df.head()) Finally, press the Run button in the top right-hand corner of the screen, and our code will be run in the Python console, giving us an idea of what our data looks like.
4. Fit the data points and inspect them in a graph
Since we’ll be using the OneClassSVM from scikit-learn, we’ll import it together with DecisionBoundaryDisplay and Matplotlib using the code below: from sklearn.svm import OneClassSVMfrom sklearn.inspection import DecisionBoundaryDisplayimport matplotlib.pyplot as plt According to the data’s description, we know that column T17 represents the temperature of the hive, and RH17 represents the relative humidity of the hive. We’ll extract the value of these two columns as our input: X = df[["T17", "RH17"]].values Then, we’ll create and fit the model. Note that we’ll try the default setting first: estimator = OneClassSVM().fit(X) Next, we’ll show the decision boundary together with the data points: disp = DecisionBoundaryDisplay.from_estimator( estimator, X, response_method="decision_function", plot_method="contour", xlabel="Temperature", ylabel="Humidity", levels=[0],)disp.ax_.scatter(X[:, 0], X[:, 1])plt.show() Now, save and press Run again, and you’ll see that the plot is shown in a separate window for inspection.
5. Fine-tune hyperparameters
As the plot above shows, the decision boundary does not fit very well with the data points. The data points consist of a couple of irregular shapes instead of an oval. To fine-tune our model, we have to provide a specific value of “mu” and “gamma” to the OneClassSVM model. You can try it out yourself, but after a couple of tests, it seems “nu=0.1, gamma=0.05” gives the best result.
Example: Isolation Forest
Isolation Forest is an ensemble-based method, similar to the more popular Random Forest classification method. By randomly selecting parting features and values, it will create many decision trees, and the path length from the root of the tree to the node making that decision will then be averaged over all the trees (hence “forest”). A short average path length indicates anomalies. A short decision path usually indicates data that is very different from the others. Now, let’s compare the result of OneClassSVM with IsolationForest. To do that, we’ll make two plots of the decision boundaries made by the two algorithms. In the following steps, we’ll build on the script above using the same hive 17 data.
1. Import IsolationForest
IsolationForest can be imported from the ensemble categories in Scikit-learn: from sklearn.ensemble import IsolationForest
2. Refactor and add a new estimator
Since now we’ll have two different estimators, let’s put them in a list: estimators = [ OneClassSVM(nu=0.1, gamma=0.05).fit(X), IsolationForest(n_estimators=100).fit(X)] After that, we’ll use a for loop to loop through all the estimators. for estimator in estimators: disp = DecisionBoundaryDisplay.from_estimator( estimator, X, response_method="decision_function", plot_method="contour", xlabel="Temperature", ylabel="Humidity", levels=[0], ) disp.ax_.scatter(X[:, 0], X[:, 1]) plt.show() As a final touch, we’ll also add a title to each of the graphs for easier inspection. To do that, we’ll add the following after disp.ax_.scatter: disp.ax_.set_title( f"Decision boundary using {estimator.__class__.__name__}" ) You may find that refactoring using PyCharm is very easy with the auto-complete suggestions it provides.
3. Run the code
Like before, running the code is as easy as pressing the Run button in the top-right corner. After running the code this time, we should get two graphs. You can easily flip through the two graphs with the preview on the right. As you can see, the decision boundary is quite different while using different algorithms. When doing anomaly detection, it’s worth experimenting with various algorithms and parameters to find the one that suits the use case the most.
Summary
Anomaly Detection has proven to be an important aspect of business intelligence, and being able to identify anomalies and prompt immediate actions to be taken is essential in some sectors of business. Using the proper machine learning model to automatically detect anomalies can help analyze complicated and high volumes of data in a short period of time. In this blog post, we have demonstrated how to identify anomalies using statistical models like OneClassSVM and how STL decomposition can help identify anomalies in time series data.
With the Jupyter project in PyCharm Professional, you can organize your anomaly detection project with a lot of data files and notebooks easily. Graphs output can be generated to inspect anomalies and plots are very accessible in PyCharm. Other features, such as auto-complete suggestions, make navigating all the Scikit-learn models and Matplotlib plot settings a blast.
Power up your data science project by using PyCharm; check out the data science features offered to streamline your data science workflow.
Learn how to use FastAPI for machine learning. Explore the framework's benefits and why it's popular, and understand how to integrate it into your ML workflows.
JetBrains Named a Customers’ Choice Again for Integrated Development Environment Software
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code. Previously, developers using PhpStorm ha
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code. Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these […]
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code.
Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these files.
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code. Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these […]
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code.
Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these files.
Wanting to ensure that PhpStorm users have everything they need for web development already built into the IDE, we reached out to Adel about transferring ownership of his .env Files Support plugin to JetBrains for bundling – and he graciously supported this idea. Starting with PhpStorm 2024.3.2, this plugin is included out of the box, with JetBrains taking over its development while keeping it open source.
“I’m pleased that it has been bundled with the IDE. I hope JetBrains implements some features I didn’t have time to, like nested variables.”
Adel Faizrakhmanov Software Developer
What’s inside?
Сode completion for the environment variable keys defined in the .env file, Dockerfile, or docker-compose.yml file.
Syntax highlighting and validation inspections in .env files.
Navigation between environment variable declarations and usages.
You may also like
Adel is widely known for the Laravel Idea plugin, which offers extensive support for Laravel development, including Laravel code generation, Eloquent completion, Laravel navigation, as well as autocompletion for Laravel routes, request fields, and validation rules.
“.env Files Support was the first plugin I developed. Its sudden popularity inspired me to pay more attention to IntelliJ Platform plugin development, and now I’m working full time on Laravel Idea and other plugins.”
If you’re a Laravel developer and haven’t tried this plugin yet, give it a shot!
Conclusion
PhpStorm continues to refine and expand its features to support PHP developers better. By bundling .env file support into the core IDE, JetBrains has removed yet another barrier to productivity.
If you haven’t updated PhpStorm yet, now’s the time to do it!
JetBrains Named a Customers’ Choice Again for Integrated Development Environment Software
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers t
... show more
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year. Read the Report A trusted vendor We believe JetBrains’ consistent innovation and developer-first approach have earned […]
JetBrains is honored to be recognized as a Customers’ Choice in the 2024 Gartner® Peer Insights™ Voice of the Customer for Integrated Development Environment (IDE) Software – a distinction we are proud to receive for the second consecutive year.
We believe JetBrains’ consistent innovation and developer-first approach have earned us this recognition. With flagship IDEs like IntelliJ IDEA, PyCharm, PhpStorm, Rider, WebStorm, and others, JetBrains empowers developers to write better code and be more productive.
We are honored to be recognized as a Customers’ Choice in the IDE category for the second consecutive year. We believe this recognition underscores our ongoing commitment to investing in IDEs that provide an exceptional developer experience. Trusted by over 300,000 organizations, including 90% of Fortune Global Top 100 companies, JetBrains remains dedicated to creating best-in-class tools covering the entire development lifecycle.
Mikhail Vink, Head of Business Development
What makes JetBrains stand out?
JetBrains IDEs are known for their cutting-edge features, intuitive interfaces, and unwavering focus on enhancing developer productivity. Here’s what real users had to say:
“IntelliJ IDEA provides smart code completion, deep static analysis and intelligent refactoring. This has helped team accelerate code completion and review. We have seen 20% increase in code merges with the reduction in code rollbacks.” (Link to the review)
“PyCharm has been an absolute game-changer for my Python development workflow. Its intuitive interface and powerful code analysis tools have significantly boosted my productivity.” (Link to the review)
WebStorm: “The ultimate IDE for a frontend developer with cutting edge features.” (Link to the review)
These reviews highlight JetBrains’ commitment to delivering an exceptional development experience across programming languages and ecosystems. See it for yourself! Explore JetBrains reviews on Gartner Peer Insights.
Celebrate with us
Read the full Gartner Peer Insights Voice of the Customer report.
Gartner, Voice of the Customer for Integrated Development Environment Software. By Peer Contributors, 28 November 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS is a registered trademark, and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.
Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner® or its affiliates. Gartner® does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from JetBrains.
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
We’ve just released the next minor update for IntelliJ IDEA 2024.3 – v2024.3.2. You can update to this version from inside the IDE, via the Toolbox App, or by using snaps for Ubuntu. You can also download it from our website. This release includes the fol
We’ve just released the next minor update for IntelliJ IDEA 2024.3 – v2024.3.2. You can update to this version from inside the IDE, via the Toolbox App, or by using snaps for Ubuntu. You can also download it from our website. This release includes the following improvements: To find out more about the resolved issues, […]
We’ve just released the next minor update for IntelliJ IDEA 2024.3 – v2024.3.2.
You can update to this version from inside the IDE, via the Toolbox App, or by using snaps for Ubuntu. You can also download it from our website.
This release includes the following improvements:
Using certain third-party plugins no longer causes the font settings to reset to default. [IJPL-157487]
It’s again possible to
... show more
We’ve just released the next minor update for IntelliJ IDEA 2024.3 – v2024.3.2. You can update to this version from inside the IDE, via the Toolbox App, or by using snaps for Ubuntu. You can also download it from our website. This release includes the following improvements: To find out more about the resolved issues, […]
We’ve just released the next minor update for IntelliJ IDEA 2024.3 – v2024.3.2.
You can update to this version from inside the IDE, via the Toolbox App, or by using snaps for Ubuntu. You can also download it from our website.
This release includes the following improvements:
Using certain third-party plugins no longer causes the font settings to reset to default. [IJPL-157487]
It’s again possible to compile Java 7 projects with Javac version 7. [IDEA-361854]
When establishing an SSH connection with a specified deployment path, the IDE no longer mistakenly sets the working directory to the host’s root directory. [IJPL-171619]
JPA Buddy’s New Association Attribute dialog option for @OneToMany once again works as expected. [IDEA-359970]
When the IDE window size is maximized on macOS Sequoia, it stays maximized upon IDE reopening. [IJPL-164502]
The IDE correctly displays the GitHub pull request timeline with mannequins and deleted participants. [IJPL-79734]
The Collection Presentation window properly displays nested collections in the debugger. [IDEA-363360]
Each JetBrains IDE binary on macOS is now assigned a specific UUID, ensuring that different applications are no longer treated as single entities in the system settings. This helps prevent issues such as JetBrains Gateway being unable to connect to remote hosts. [IJPL-172978, IJPL-173908]
To find out more about the resolved issues, please refer to the release notes.
If you encounter any issues or would like to make a suggestion or a feature request, please submit them to our issue tracker.
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code. Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these […]
.env files are widely used to configure applications by storing configuration settings, environment variables, and sensitive information. This eliminates the need to hardcode these values into the application code.
Previously, developers using PhpStorm had to manually install the .env Files Support plugin, originally created by Adel Faizrakhmanov, to unlock dedicated features for working with these files.
Wanting to ensure that PhpStorm users have everything they need for web development already built into the IDE, we reached out to Adel about transferring ownership of his .env Files Support plugin to JetBrains for bundling – and he graciously supported this idea. Starting with PhpStorm 2024.3.2, this plugin is included out of the box, with JetBrains taking over its development while keeping it open source.
“I’m pleased that it has been bundled with the IDE. I hope JetBrains implements some features I didn’t have time to, like nested variables.”
Adel Faizrakhmanov Software Developer
What’s inside?
Сode completion for the environment variable keys defined in the .env file, Dockerfile, or docker-compose.yml file.
Syntax highlighting and validation inspections in .env files.
Navigation between environment variable declarations and usages.
You may also like
Adel is widely known for the Laravel Idea plugin, which offers extensive support for Laravel development, including Laravel code generation, Eloquent completion, Laravel navigation, as well as autocompletion for Laravel routes, request fields, and validation rules.
“.env Files Support was the first plugin I developed. Its sudden popularity inspired me to pay more attention to IntelliJ Platform plugin development, and now I’m working full time on Laravel Idea and other plugins.”
If you’re a Laravel developer and haven’t tried this plugin yet, give it a shot!
Conclusion
PhpStorm continues to refine and expand its features to support PHP developers better. By bundling .env file support into the core IDE, JetBrains has removed yet another barrier to productivity.
If you haven’t updated PhpStorm yet, now’s the time to do it!
Introducing klibs.io: A New Way to Discover Kotlin Multiplatform Libraries Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professiona…
Cybersecurity trends at the Consumer Electronics Show: from AI glasses to biometric locks. One of the world’s premier tech events traditionally takes place every year in Las Vegas in early January. Sure, the Consumer Electronics Show (CES) pays attention
Cybersecurity trends at the Consumer Electronics Show: from AI glasses to biometric locks.
One of the world’s premier tech events traditionally takes place every year in Las Vegas in early January. Sure, the Consumer Electronics Show (CES) pays attention to cybersecurity, but by no means is it top of the agenda. Looking for a giant monitor or AI washing machine? You’re in luck! Smart home protection against hackers? Might have to shop around a bit…
We’ve picked out the top trending announcements at CES 2025, with a focus on what new cyberthreats to expect as the latest innovations
... show more
Cybersecurity trends at the Consumer Electronics Show: from AI glasses to biometric locks.
One of the world’s premier tech events traditionally takes place every year in Las Vegas in early January. Sure, the Consumer Electronics Show (CES) pays attention to cybersecurity, but by no means is it top of the agenda. Looking for a giant monitor or AI washing machine? You’re in luck! Smart home protection against hackers? Might have to shop around a bit…
We’ve picked out the top trending announcements at CES 2025, with a focus on what new cyberthreats to expect as the latest innovations hit the shelves.
NVIDIA Project DIGITS: your own mini supercomputer for running AI locally
NVIDIA founder Jensen Huang unveiled the company’s Mac-Mini-sized supercomputer to CES visitors. Powered by the GB10 Grace Blackwell “superchip” with a minimum 128 GB of memory, the device is capable of running large language models (LLMs) with 200 billion parameters. Connect two such computers, and you can run even larger models with up to 400 billion parameters! However, the US$3000 price tag will limit the buyer audience.
Cybersecurity aspect: running LLMs locally stops confidential information from leaking to OpenAI, Google Cloud, and other such services. Until now, this wasn’t very practical: on offer were either greatly simplified models that struggled to run on gaming computers, or solutions deployed on powerful servers in private clouds. “NVIDIA Project DIGITS” now made it easier for both small companies and wealthy hobbyists to run powerful local LLMs.
The GB10 Grace Blackwell superchip, 128 GB of RAM, and 4 TB of SSD storage make this NVIDIA offer a decent platform for a local neural network. Source
Cybersecurity aspect: the Saros Z70’s object-rearranging ability is very limited, and Roborock has not been involved in any major cybersecurity scandals. So we’re unlikely to see any game-changing risks compared to existing vacuum cleaners. But later models or competitors’ products can theoretically be used in cyberphysical attacks such as burglary. For instance, researchers recently showed how to hack Ecovacs robot vacuums.
But the Saros Z70 is notable for more than just its mechanical hand. Another of its officially announced features is video surveillance. The vendor claims that camera footage never leaves the device, but we’ll believe that when we see it. After all, you’ll probably at least need a separate device to view the footage. The StarSight 2.0 system, due with a later software update, will let you train the robot to recognize specific household objects (for example, favorite toys) so that it can show where it last saw them on a map of your home. As to whether this handy feature works entirely on the device — or data about things in your home gets fed to the cloud — press releases are maintaining a tactful silence.
The Roborock Saros Z70 can lift and carry objects weighing up to 300 grams. Source
Bosch Revol: preying on parental fear
How did a baby rocker manage to take home the “Least private” mock award for gadgets at CES 2025, as judged by Electronic Frontier Foundation and iFixIt? The Bosch Revol Smart Crib not only automatically rocks the crib, but continuously collects video and audio data, while simultaneously scanning the baby’s pulse and breathing rate using millimeter-wave radar. It also monitors temperature, humidity and fine-particle pollution levels. The camera is equipped with object recognition to detect toys, blankets and other potentially dangerous objects near the infant’s face. All data is instantly streamed to a parental smartphone and to the cloud, where it remains.
Cybersecurity aspect: other vendors’ video baby monitors have been dogged by scandals, and hacked to conduct nasty pranks and spy on parents. In the case of the Revol, not only video, but medical data could end up in cybercriminal hands. When it comes to child and health-related tech, a cloud-free setup as part of a well-protected smart home is the way to go.
TP-Link Tapo DL130: in the same vein?
Among the many smart locks unveiled at CES 2025, it was TP-Link’s model that stood out for a feature that’s still quite rare — biometrics based not only on face/fingerprint recognition, but also on palm veins matching. Simply wave your hand in front of the sensor, and the system will identify you as the owner with high accuracy. Unlike more common biometric factors, this method doesn’t depend on lighting conditions, and works well even with wet and dirty hands. Plus, it’s more difficult to fake.
Cybersecurity aspect: smart locks can be integrated into your home network and interact with your smart home (such as Alexa or Google Home), which creates a wide cyberattack surface. Given the numerous critical vulnerabilities in other TP-Link equipment, there’s a risk that flaws in smart locks will allow attackers to open them in unconventional ways.
Security researchers are sure to put TP-Link’s smart lock under the microscope once it goes on sale. Source
Google Home + Matter: a cloud-free sky home
A major update to Google’s smart home hubs means they can now control curtains, sockets, light bulbs and other devices via the Matter protocol without connecting to a cloud server. At the heart of your smart home can be a Google Nest — an Android 14 smart TV or even a Chromecast device. Tell Google Assistant to “switch on the bedroom light”, and the command will be carried out even without an internet connection, and with minimal delay.
If a staunch advocate of a cloud-based future like Google has implemented such offline scenarios, the demand for such functionality must be huge.
Cybersecurity aspect:local control of your smart home reduces the risk of compromise and improves privacy — less data about what goes on in your home will leak to equipment vendors.
Halliday Glasses: improve your AI-sight
We chose Halliday AR glasses for the innovative image projection system that makes them lighter and more compact — though our takeaways also apply to dozens of other smart glasses presented at CES 2025. While some models address a simple and specific issue — such as combining glasses with a hearing aid or serving as a near-eye display for computer users on board a plane — quite a few of them come equipped with an AI assistant, camera, ChatGPT integration, and other features that potentially can be used to spy on you. They’re used for live translation, teleprompting and other productivity-boosting tasks.
Cybersecurity aspect: all AI features involve shifting large amounts of data to the makers’ servers for processing, so local AI in glasses is still a long way off. But unlike with computers and smartphones, the voices, photos and videos of all those around you will be included in the information flow generated by the glasses. From an ethical or legal standpoint, wearers of such glasses may have to continuously ask permission from everyone around to record them. And those who don’t want to pose for Sam Altman should look out for wearers of smart glasses among their peers.
Sony Honda AFEELA: I feel it’s going to be driving by subscription
This luxury electric car from two Japanese giants is available to preorder — but only to California residents and with rollout scheduled for 2026 or later. Nevertheless, the Japanese vision could become the envy even of Google: the price of the vehicle includes a “complimentary three-year subscription” to a variety of in-car features, including Level 2+ ADAS driver-assist and an AI-powered personal assistant, and a choice of interactive car design and entertainment features such as augmented reality and “virtual worlds”.
At the CES 2025 demonstration, the car was summoned onstage by the voice command “Come on out, Afeela” — but it remains unclear whether this handy feature will be available to drivers.
Cybersecurity aspect: we’ve spotlighted the risks and vulnerabilities of “connected” carsmany times. Whether manufacturers will be able to keep the security bar high, not only for vehicles, but also for telematics systems (especially critical if smart driving becomes subscription-based), is a big question for the future. Those who don’t like the idea of their car suddenly turning into an iron pumpkin pending a software update or after a cyberattack are advised to refrain from splashing out… at least for another decade or so.
BenjiLock: a biometric padlock
Now you can lock up your bike (or barn or whatever) without memorizing a code or carrying around a key. As the name suggests, the BenjiLock Outdoor Fingerprint Padlock is a padlock that stores and recognizes fingerprints — up to ten of them. No smartphone or Wi-Fi required, all the magic happens inside the lock itself. The device is resistant to both moisture and dust, and (according to the manufacturer) works on one charge for up to a year.
Legitimate Chrome extensions are stealing Facebook passwords
Supply-chain attacks use trojanized legitimate Google Chrome extensions for data theft.
Right after Christmas, news broke of a multi-stage attack targeting developers of popular Chrome extensions. Ironically, the biggest-name target was a cybersecurity extension created by Cyberhaven — compromised just before the holidays (we’d previously warned about such risks). As the incident investigation unfolded, the list grew to include no fewer than 35 popular extensions, with a combined total of 2.5 million installations. The attackers’ goal was to steal data from the browsers of users who installed trojanized updates of these extensions. The focus of the campaign was on stealing credentials for Meta services to compromise business accounts and display ads at victims’ expense. However, that’s not the only data that malicious extensions can steal from browsers. We explain how the attack works, and what measures you can take to protect yourself against it at different stages.
Attacking developers: OAuth abuse
To inject trojan functionality into popular Chrome extensions, cybercriminals have developed an original phishing scheme. They send developers emails disguised as standard Google alerts claiming that their extension violates Chrome Web Store policies and needs a new description. The text and layout of the message mimic typical Google emails, so the victim is often convinced. Moreover, the email is often sent from a domain set up to attack a specific extension and containing the name of the extension in the actual domain name.
Clicking the link in the email takes the user to a legitimate Google authentication page. After that, the developer sees another standard Google screen prompting to sign in via OAuth to an app called “Privacy Policy Extension”, and to grant certain permissions to it as part of the authentication process. This standard procedure takes place on legitimate Google pages, except that the “Privacy Policy Extension” app requests permission to publish other extensions to the Chrome Web Store. If this permission is granted, the creators of “Privacy Policy Extension” are able to publish updates to the Chrome Web Store on behalf of the victim.
In this case, there’s no need for the attackers to steal the developer’s password or other credentials, or to bypass multi-factor authentication (MFA). They simply abuse Google’s system for granting permissions to trick developers into authorizing the publication of updates to their extensions. Judging by the long list of domains registered by the attackers, they attempted to attack far more than 35 extensions. In cases where the attack was successful, they released an updated version of the extension, adding two files for stealing Facebook cookies and other data (worker.js and content.js).
Attacking users
Chrome extensions typically receive updates automatically, so users who switched on their machines between December 25 and December 31, and opened Chrome, may have received an infected update of a previously installed extension.
In this event, a malicious script runs in the victim’s browser and sends data needed for compromising Facebook business accounts to the attackers’ server. In addition to Facebook identifiers and cookies, the malware steals information required to log in to the target’s advertising account, such as the user-agent data to identify the user’s browser. On facebook.com, even mouse-click data is intercepted to help the threat actors bypass CAPTCHA and two-factor authentication (2FA). If the victim manages ads for their company or private business on Meta, the cybercriminals get to spend their advertising budget on their own ads — typically promoting scams and malicious sites (malvertising). On top of the direct financial losses, the targeted organization faces legal and reputational risks, as the fake ads are published under its name.
The malware can conceivably steal data from other sites too, so it’s worth checking your browser even if you don’t manage Facebook ads for a company.
What to do if you installed an infected extension update
To stop the theft of information from your browser, the first thing you need to do is to uninstall the compromised extension or update it to a patched version. See here for a list of all known infected extensions with their current remediation status. Unfortunately, simply uninstalling or updating the infected extension is not enough. You should also reset any passwords and API keys that were stored in the browser or used during the incident period.
Then, check the available logs for signs of communication with the attackers’ servers. IoCs are available here and here. If communication with malicious servers was made, look for traces of unauthorized access in all services that were opened in the infected browser.
After that, if Meta or any other advertising accounts were accessed from the infected browser, manually check all running ads, and stop any unauthorized advertising activity you find. Lastly, deactivate any compromised Facebook account sessions on all devices (Log out all other devices), clear the browser cache and cookies, log in to Facebook again, and change the account password.
Incident takeaways
This incident is another example of supply-chain attacks. In the case of Chrome, it’s made worse by the fact that updates are installed automatically without notifying the user. While updates are usually a good thing, here the auto-update mechanism allowed malicious extensions to spread quickly. To mitigate the risks of this scenario, companies are advised to do the following:
Use group policies or the Google Admin console to restrict the installation of browser extensions to a trusted list;
Create a list of trusted extensions based on business needs and information security practices used by the developers of said extensions;
Apply version pinning to disable automatic extension updates. At the same time, it’ll be necessary to put in place a procedure for update monitoring and centralized updating of approved extensions by administrators;
Install an EDR solution on all devices in your organization to protect against malware and monitor suspicious events.
Companies that publish software, including web extensions, need to ensure that permission to publish is granted to the minimum number of employees necessary — ideally from a privileged workstation with additional layers of protection, including MFA and tightly configured application launch control and website access. Employees authorized to publish need to undergo regular information security training, and be familiar with the latest attacker tactics, including spear phishing.
CVE-2025-23198 - Librenms Stored XSS Vulnerability Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professionals.
Supply-chain attacks use trojanized legitimate Google Chrome extensions for data theft. Right after Christmas, news broke of a multi-stage attack targeting developers of popular Chrome extensions. Ironically, the biggest-name target was a cybersecurity ex
Supply-chain attacks use trojanized legitimate Google Chrome extensions for data theft.
Right after Christmas, news broke of a multi-stage attack targeting developers of popular Chrome extensions. Ironically, the biggest-name target was a cybersecurity extension created by Cyberhaven — compromised just before the holidays (we’d previously warned about such risks). As the incident investigation unfolded, the list grew to include no fewer than 35 popular extensions, with a combined total of 2.5 million installations. The attackers’ goal was to steal data from the browsers of users who installed trojanized updates of these extensions. The focus of the campaign was o
... show more
Supply-chain attacks use trojanized legitimate Google Chrome extensions for data theft.
Right after Christmas, news broke of a multi-stage attack targeting developers of popular Chrome extensions. Ironically, the biggest-name target was a cybersecurity extension created by Cyberhaven — compromised just before the holidays (we’d previously warned about such risks). As the incident investigation unfolded, the list grew to include no fewer than 35 popular extensions, with a combined total of 2.5 million installations. The attackers’ goal was to steal data from the browsers of users who installed trojanized updates of these extensions. The focus of the campaign was on stealing credentials for Meta services to compromise business accounts and display ads at victims’ expense. However, that’s not the only data that malicious extensions can steal from browsers. We explain how the attack works, and what measures you can take to protect yourself against it at different stages.
Attacking developers: OAuth abuse
To inject trojan functionality into popular Chrome extensions, cybercriminals have developed an original phishing scheme. They send developers emails disguised as standard Google alerts claiming that their extension violates Chrome Web Store policies and needs a new description. The text and layout of the message mimic typical Google emails, so the victim is often convinced. Moreover, the email is often sent from a domain set up to attack a specific extension and containing the name of the extension in the actual domain name.
Clicking the link in the email takes the user to a legitimate Google authentication page. After that, the developer sees another standard Google screen prompting to sign in via OAuth to an app called “Privacy Policy Extension”, and to grant certain permissions to it as part of the authentication process. This standard procedure takes place on legitimate Google pages, except that the “Privacy Policy Extension” app requests permission to publish other extensions to the Chrome Web Store. If this permission is granted, the creators of “Privacy Policy Extension” are able to publish updates to the Chrome Web Store on behalf of the victim.
In this case, there’s no need for the attackers to steal the developer’s password or other credentials, or to bypass multi-factor authentication (MFA). They simply abuse Google’s system for granting permissions to trick developers into authorizing the publication of updates to their extensions. Judging by the long list of domains registered by the attackers, they attempted to attack far more than 35 extensions. In cases where the attack was successful, they released an updated version of the extension, adding two files for stealing Facebook cookies and other data (worker.js and content.js).
Attacking users
Chrome extensions typically receive updates automatically, so users who switched on their machines between December 25 and December 31, and opened Chrome, may have received an infected update of a previously installed extension.
In this event, a malicious script runs in the victim’s browser and sends data needed for compromising Facebook business accounts to the attackers’ server. In addition to Facebook identifiers and cookies, the malware steals information required to log in to the target’s advertising account, such as the user-agent data to identify the user’s browser. On facebook.com, even mouse-click data is intercepted to help the threat actors bypass CAPTCHA and two-factor authentication (2FA). If the victim manages ads for their company or private business on Meta, the cybercriminals get to spend their advertising budget on their own ads — typically promoting scams and malicious sites (malvertising). On top of the direct financial losses, the targeted organization faces legal and reputational risks, as the fake ads are published under its name.
The malware can conceivably steal data from other sites too, so it’s worth checking your browser even if you don’t manage Facebook ads for a company.
What to do if you installed an infected extension update
To stop the theft of information from your browser, the first thing you need to do is to uninstall the compromised extension or update it to a patched version. See here for a list of all known infected extensions with their current remediation status. Unfortunately, simply uninstalling or updating the infected extension is not enough. You should also reset any passwords and API keys that were stored in the browser or used during the incident period.
Then, check the available logs for signs of communication with the attackers’ servers. IoCs are available here and here. If communication with malicious servers was made, look for traces of unauthorized access in all services that were opened in the infected browser.
After that, if Meta or any other advertising accounts were accessed from the infected browser, manually check all running ads, and stop any unauthorized advertising activity you find. Lastly, deactivate any compromised Facebook account sessions on all devices (Log out all other devices), clear the browser cache and cookies, log in to Facebook again, and change the account password.
Incident takeaways
This incident is another example of supply-chain attacks. In the case of Chrome, it’s made worse by the fact that updates are installed automatically without notifying the user. While updates are usually a good thing, here the auto-update mechanism allowed malicious extensions to spread quickly. To mitigate the risks of this scenario, companies are advised to do the following:
Use group policies or the Google Admin console to restrict the installation of browser extensions to a trusted list;
Create a list of trusted extensions based on business needs and information security practices used by the developers of said extensions;
Apply version pinning to disable automatic extension updates. At the same time, it’ll be necessary to put in place a procedure for update monitoring and centralized updating of approved extensions by administrators;
Install an EDR solution on all devices in your organization to protect against malware and monitor suspicious events.
Companies that publish software, including web extensions, need to ensure that permission to publish is granted to the minimum number of employees necessary — ideally from a privileged workstation with additional layers of protection, including MFA and tightly configured application launch control and website access. Employees authorized to publish need to undergo regular information security training, and be familiar with the latest attacker tactics, including spear phishing.
CVE-2025-23198 - Librenms Stored XSS Vulnerability Alireza Gharib Blog From advanced cybersecurity strategies to Unix-based automation and infrastructure solutions, discover tools, tips, and resources for modern IT professionals.
Trusted-relationship cyberattacks and their prevention
How to work with suppliers to reduce the risk of incidents related to supply-chain cyberattacks.
The old saying, “A chain is only as strong as its weakest link”, directly applies to enterprise cybersecurity. Businesses these days often rely on dozens or even hundreds of suppliers and contractors, who, in turn, use the services and products of yet more contractors and suppliers. And when these chains involve not raw materials but complex IT products, ensuring their security becomes significantly more challenging. This fact is exploited by attackers, who compromise a link in the chain to reach its end — their main target. Accordingly, it’s essential for business leaders and the heads of IT and information security to understand the risks of supply-chain attacks in order to manage them effectively.
What is a supply-chain attack?
A supply-chain attack involves a malicious actor infiltrating an organization’s systems by compromising a trusted third-party software vendor or service provider. Types of this attack include the following:
Compromising well-known software developed by a supplier and used by the target organization (or multiple organizations). The software is modified to perform malicious tasks for the attacker. Once the next update is installed, the software will contain undeclared functionality that allows the organization to be compromised. Well-known examples of such attacks include the compromise of the SolarWinds Orion and 3CX Last year, the to-date largest attempt at such an attack was discovered — XZ Utils. Fortunately, it was unsuccessful.
Attackers find corporate accounts used by a service provider to work within the target organization’s systems. The attackers use these accounts to infiltrate the organization and carry out an attack. For example, the American retail giant Target was hacked through an account issued to an HVAC provider.
Attackers compromise a cloud provider or exploit the features of a cloud provider’s infrastructure to access the targeted organization’s data. The most high-profile case last year involved the compromise of more than 150 clients of the Snowflake cloud service, leading to the data leak of hundreds of millions of users of Ticketmaster, Santander Bank, AT&T, and others. Another large-scale, big-impact attack was the hack of the authentication service provider Okta.
Attackers exploit permissions delegated to a contractor in cloud systems, such as Office 365, to gain control over the target organization’s documents and correspondence.
Attackers compromise specialized devices belonging to or administered by a contractor, but connected to the target organization’s network. Examples include smart-office air-conditioning systems, and video surveillance systems. For example, building automation systems became a foothold for a cyberattack on telecom providers in Pakistan.
Attackers modify IT equipment purchased by the target organization, either by infecting pre-installed software or embedding hidden functionality into the devices’ firmware. Despite their complexity, such attacks have actually occurred in practice. Proven cases include Android device infections, and widely discussed server infections at the chip level.
All variations of this technique in the MITRE ATT&CK framework come under the name “Trusted Relationship” (T1199).
Benefits of supply-chain attacks for criminals
Supply-chain attacks offer several advantages for attackers. Firstly, compromising a supplier creates a uniquely stealthy and effective access channel — as demonstrated by the attack on SolarWinds Orion software, widely used in major U.S. corporations, and the compromise of Microsoft cloud systems, which led to email leaks from several U.S. government departments. For this reason, this type of attack is especially favored by criminals hunting for information. Secondly, the successful compromise of a single popular application or service instantly provides access to dozens, hundreds, or even thousands of organizations. Thus, this kind of attack also appeals to those motivated by financial gain, such as ransomware groups. One of the most high-profile breaches of this type was the attack on IT supplier Kaseya by the REvil group.
A tactical advantage (to criminals) of attacks exploiting trusted relationships lies in the practical consequences of this trust: the applications and IP addresses of the compromised supplier are more likely to be on allowlists, actions performed using accounts issued to the supplier are less frequently flagged as suspicious by monitoring centers, and so on.
Damage from supply-chain attacks
Contractors are usually compromised in targeted attacks carried out by highly motivated and skilled attackers. Such attackers are typically aiming to obtain either a large ransom or valuable information — and in either case, the victim will inevitably face long-term negative consequences.
These include the direct costs of investigating the incident and mitigating its impact, fines and expenses related to working with regulators, reputational damage, and potential compensation to clients. Operational disruptions caused by such attacks can also result in significant productivity losses, and threaten business continuity.
There are also cases that don’t technically qualify as supply-chain attacks — attacks on key technology providers within a specific industry — that nevertheless disrupt the supply chain. There were several examples of this in 2024 alone, the most striking being the cyberattack on Change Healthcare, a major company responsible for processing financial and insurance documents in the U.S. healthcare industry. Clients of Change Healthcare were not hacked, but while the compromised company spent a month restoring its systems, medical services in the U.S. were partially paralyzed, and it was recently revealed that confidential medical records of 100 million patients were exposed as a result of this attack. In this case, mass client dissatisfaction became a factor pressuring the company to pay the ransom.
Which teams and departments should be responsible for supply-chain-attack prevention?
While all the above may suggest that dealing with supply-chain attacks is entirely the responsibility of information security teams, in practice, minimizing these risks requires the coordinated efforts of multiple teams within the organization. Key departments that should be involved in this work include:
Information security: responsible for implementing security measures and monitoring compliance with them, conducting vulnerability assessments, and responding to incidents.
IT: ensures that the procedures and measures required by information security are followed when organizing contractors’ access to the organization’s infrastructure, uses monitoring tools to oversee compliance with these measures, and prevents the emergence of shadow or abandoned accounts and IT services.
Procurement and vendor management: should work with information security and other departments to include trust and corporate information-security compliance criteria in supplier selection processes. Should also regularly check that supplier evaluations meet these criteria and ensure ongoing compliance with security standards throughout the contract period.
Legal departments and risk management: ensure regulatory compliance and manage contractual obligations related to cybersecurity.
Board of directors: should promote a security culture within the organization, and allocate resources for implementing the above measures.
Measures for minimizing the risk of supply-chain attacks
Organizations should take comprehensive measures to reduce the risks associated with supply-chain attacks:
Thoroughly evaluate suppliers. It’s crucial to assess the security level of potential suppliers before beginning collaboration. This includes requesting a review of their cybersecurity policies, information about past incidents, and compliance with industry security standards. For software products and cloud services, it’s also recommended to collect data on vulnerabilities and pentests, and sometimes it’s advised to conduct dynamic application security testing (DAST).
Implement contractual security requirements. Contracts with suppliers should include specific information security requirements, such as regular security audits, compliance with your organization’s relevant security policies, and incident notification protocols.
Adopt preventive technological measures. The risk of serious damage from supplier compromise is significantly reduced if your organization implements security practices such as the principle of least privilege, zero trust, and mature identity management.
Organize monitoring. We recommend using XDR or MDR solutions for real-time infrastructure monitoring and detecting anomalies in software and network traffic.
Develop an incident response plan. It’s important to create a response plan that includes supply-chain attacks. The plan should ensure that breaches are quickly identified and contained — for example by disconnecting the supplier from company systems.
Collaborate with suppliers on security issues. It’s vital to work closely with suppliers to improve their security measures — such collaboration strengthens mutual trust and makes mutual protection a shared priority.
Deep technological integration throughout the supply chain affords companies unique competitive advantages, but simultaneously creates systemic risks. Understanding these risks is critically important for business leaders: attacks on trusted relationships and supply chains are a growing threat, entailing significant damage. Only by implementing preventive measures across the organization and approaching partnerships with suppliers and contractors strategically can companies reduce these risks and ensure the resilience of their business.
foggy
in reply to Sunshine (she/her) • • •PrincessKadath
in reply to foggy • • •like this
themadcodger likes this.
foggy
in reply to PrincessKadath • • •Passerby6497
in reply to foggy • • •That's almost 167 users per year!
E: almost 177 users/year using the actual amount
wildbus8979
in reply to PrincessKadath • • •like this
Cătă likes this.
PrincessKadath
in reply to wildbus8979 • • •lambalicious
in reply to foggy • • •caos
in reply to Sunshine (she/her) • • •like this
Fitik likes this.
Rikudou_Sage
in reply to Sunshine (she/her) • • •like this
classic likes this.
ocean
in reply to Rikudou_Sage • • •like this
classic and Fitik like this.
InformaPirata
in reply to ocean • • •like this
Cătă likes this.
BlemboTheThird
in reply to Rikudou_Sage • • •like this
Chozo, Fitik and themadcodger like this.
Rikudou_Sage
in reply to BlemboTheThird • • •tacosanonymous
in reply to Rikudou_Sage • • •palordrolap
in reply to Rikudou_Sage • • •like this
Fitik and Cătă like this.
Scrubbles
in reply to Rikudou_Sage • • •Cătă
in reply to Rikudou_Sage • • •Same as Instagram or Telegram. Really, stop nitpicking the name of FOSS projects excessively. I get that they're not the best, but they're not really a dealbreaker for most of the people outside the marketing departments.
Otoh, what if we would all call it Friendi as well (just like we did with Insta? Or Fren?
ApollosArrow
in reply to BlemboTheThird • • •ubergeek
in reply to Rikudou_Sage • • •like this
themadcodger and Cătă like this.
Rikudou_Sage
in reply to ubergeek • • •don't like this
Cătă doesn't like this.
ubergeek
in reply to Rikudou_Sage • • •like this
Cătă likes this.
Blaze (he/him)
in reply to Rikudou_Sage • • •caseyweederman
in reply to ubergeek • • •lambalicious
in reply to Rikudou_Sage • • •like this
Cătă likes this.
JubilantJaguar
in reply to Rikudou_Sage • • •YonderEpochs
in reply to JubilantJaguar • • •JubilantJaguar
in reply to YonderEpochs • • •YonderEpochs
in reply to JubilantJaguar • • •Ah but even coming from a native speaker, it just flows so smoothly and feels just like saying what is arguably now the most common greeting said in English. To me it's like the word "app" is hiding itself right in the most natural greeting, the greeting also being a symbolic distillation of the app's purpose - there's an elegant, simple symmetry to it in my ears, the opposite of buzzword cringe!
But hey, opinions and assholes eh? Taste is so subjective lol. Just glad they didn't name it iWhatsApp, then we'd agree and be big mad
JubilantJaguar
in reply to YonderEpochs • • •Rikudou_Sage
in reply to JubilantJaguar • • •JubilantJaguar
in reply to Rikudou_Sage • • •InformaPirata
in reply to Rikudou_Sage • • •I agree that it is an exceptional software, perhaps the best of the Fediverse, but it has a terrible name. The reason for this name was to mark a continuity with the first potentially federated social network, namely "identi.ca"
Moreover, despite the name, it is not a really friendly software, but presents several ergonomic complexities.
Finally, I add that when I pronounce it with my dictation system, it is always transliterated as "free handicap", which is a very inclusive thing, but every time I have to correct it... 🤣
This is also why I decided to call my instance with a different name such as Poliverso, Too bad that a few months later Zuckerberg decided to launch his failed Metaverso project, which is why every time I have to explain that I did not call it that to parody the Metaverso 🤬
Snapz
in reply to InformaPirata • • •Cătă
in reply to Rikudou_Sage • • •Ⓜ3️⃣3️⃣ 🌌
in reply to Sunshine (she/her) • • •Porco
in reply to Sunshine (she/her) • • •like this
Chozo, Fitik and Cătă like this.
Ulrich
in reply to Porco • • •like this
Fitik likes this.
Die4Ever
in reply to Ulrich • • •Isn't that what you want for a Facebook replacement though?
I guess being able to browse public profiles and posts would be good, but if it's like Facebook then wouldn't most people be using their real names and posting about semi-personal IRL stuff?
You'd want that stuff to only show for your friends, and maybe friends of friends
Ulrich
in reply to Die4Ever • • •Cătă
in reply to Ulrich • • •Ulrich
in reply to Cătă • • •like this
Cătă likes this.
Cătă
in reply to Ulrich • • •It is a Facebook alternative, after all. But now that you're speaking, I think it would work if a link to the community page would be visible straight from the login page. You can still see the public feed as of speaking, but you have to go to
instance.address/communityto see it.Edit: seems like this is not a universal issue with Friendica, but rather just something to add to the Frio theme which is the default for the majority of the instances. For example, where the Vier theme is used by default, there is a community button available: social.outsourcedmath.com/ is one example.
Hopefully someone does a more modern theme that has this button too.
OutsourcedMath Social Network | Home
social.outsourcedmath.comUlrich
in reply to Cătă • • •Yes, alternative. Why would you want an alternative? Because you're unhappy with it.
That's great except there's no way to know that by the home page.
like this
Cătă likes this.
Cătă
in reply to Ulrich • • •I did not receive your response in time, that's why I edited my previous comment. Sorry about that.
Imo, I'm more concerned about Facebook's data hoarding practices and its future moderation practices than whether it has a public feed or not. LinkedIn and VK (probably G+ either, can't remember) - other two social networks that are more similar to Facebook in UI - do not have publicly accessible feeds either on their home pages, yet they still managed to get plenty of users. Probably no longer still relevant, but diaspora is also featured as the 1st alternative to Facebook. Yet if you go to any diaspora server, say diaspora-fr.org/, there's no way to access a public feed either.
Some Friendica servers (probably some Mastodon servers too) are also actively blocking their local feeds from unlogged users, so that's also an aspect to keep in mind.
I understand that for some people (I simply don't care that much about this aspect, but I understand you do), the lack of a public feed might be an impediment, but I think it's way less harmful than other things that Meta does to its users.
my 2c
HootinNHollerin
in reply to Sunshine (she/her) • • •Ulrich
in reply to HootinNHollerin • • •like this
Cătă likes this.
ᴇᴍᴘᴇʀᴏʀ 帝
in reply to HootinNHollerin • • •like this
Cătă likes this.
Andrei
in reply to ᴇᴍᴘᴇʀᴏʀ 帝 • • •Andrei
in reply to ᴇᴍᴘᴇʀᴏʀ 帝 • • •ᴇᴍᴘᴇʀᴏʀ 帝
in reply to Andrei • • •Mobile Clients – friendica
friendi.cakaty ✨
in reply to Sunshine (she/her) • • •whats the best queer friendly instance so far that actually bans/defederates from bigots?
genuine question so i can join
like this
Fitik and Cătă like this.
Cătă
in reply to katy ✨ • • •Try foggyminds.com
(Here are their TOS)
Cyborganism
in reply to Sunshine (she/her) • • •I've been looking for a Facebook alternative. It was either Diaspora or Friendica.
Is Friendica more popular? What are some of the most popular/stable instances with the lowest chances of disappearing?
Fitik
in reply to Cyborganism • • •Fediverse Observer checks all servers in the fediverse and gives you an easy way to find a home.
diaspora.fediverse.observerlike this
Fitik likes this.
Cyborganism
in reply to Fitik • • •Cătă
in reply to Cyborganism • • •I would have recommended you mine or venera.social. They're around 10 years old or something, so quite some time. But they've temporarily closed signups. nerdica.net and anonsys.net have also been around for quite some time, although the former had some problems last year and lost years of database. ouch.
Then there's social.trom.tf, which has some of the most wonderful custom themes I've seen on Friendica, but their opinions on stuff are a bit weird for me...
For the rest I don't know that much.
like this
Fitik likes this.
mapumbaa
in reply to Sunshine (she/her) • • •Phegan
in reply to Sunshine (she/her) • • •Cătă
Unknown parent • • •@xapr [he/him] mine is libranet.de
Haven't really explored other instances other than mine and venera.social, but these ones might be a good fit.
Matthias
2025-01-18 21:40:09