he/him/his, cis, gay, husband, Beagle chew-toy, JavaScript jockey, Rustacean

  • 57 Posts
  • 97 Comments
Joined 2 years ago
Cake day: Apr. 06, 2021

> The UX team has been carefully designing widgets and applications over the last year. We are now at the point where it is critical for the engineering team to decide upon a GUI toolkit for COSMIC. After much deliberation and experimentation over the last year, the engineering team has decided to use Iced instead of GTK.
>
> Iced is a native Rust GUI toolkit that's made enough progress lately to become viable for use in COSMIC. Various COSMIC applets have already been written in both GTK and Iced for comparison. The latest development versions of Iced have an API that's very flexible, expressive, and intuitive compared to GTK. It feels very natural in Rust, and anyone familiar with Elm will appreciate its design.

The main jumping-off point for COSMIC is this repository, I think: https://github.com/pop-os/cosmic-epoch

The iced crate is here: https://github.com/iced-rs/iced

Other GUI toolkits for Rust can be found here: https://www.areweguiyet.com/

I expect an upcoming patch will check during boot whether the fix is needed and only apply it for those old systems


Today's Rust and Linux project is up :)

I built this plugin so that I could see NetworkManager controls in results that come back from [`pop-launcher`](https://github.com/pop-os/launcher)

I'm using [`onagre`](https://github.com/oknozor/onagre) to query/display/action those results

There is no “software supply chain” — iliana.fyi
> This is where the supply chain metaphor — and it is just that, a metaphor — breaks down. If a microchip vendor enters an agreement and fails to uphold it, the vendor’s customers have recourse. If an open source maintainer leaves a project unmaintained for whatever reason, that’s not the maintainer’s fault, and the companies that relied on their work are the ones who get to solve their problems in the future. Using the term “supply chain” here dehumanizes the labor involved in developing and maintaining software as a hobby.

> Garage leverages the theory of distributed systems, and in particular Conflict-free Replicated Data Types (CRDTs in short), a set of mathematical tools that help us write distributed software that runs faster, by avoiding some kinds of unnecessary chit-chat between servers.

Huh, “avoiding some kinds of unnecessary chit-chat” is the weirdest benefit of CRDTs to mention here (and I’m not sure it actually is a benefit)

I would have pointed out that they help multiple devices safely synchronise copies of data, or something 🤷

The word “efficient” doesn’t even appear in the main part of the Wikipedia page (just once in the footnotes): https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type


If the USA and its allies were truly enthusiastic about human rights and democracy, then they should find out how much a company saves by having supply chains with worse human rights protections, and tax them some portion (I’d say at least half) of that saving

To encourage them to employ more expensive staff in countries with decent democracy and human rights laws

(And encourage other countries to transition to better human rights frameworks)


I wonder if the monitor for an output/sink is enabled as an input/source? Using a pulseaudio control panel like pavucontrol might show you more information? Most distributions provide pulseaudio/pipewire as a useful layer on top of ALSA, so pure-ALSA tools like alsamixer might not be showing you the whole picture


Might be worth trying a bunch of different live USBs to find a distribution with a working sound setup, and then seeing what it’s doing differently compared to Zorin



> Imagine being a preteen or young teenager in Borneo 31,000 years ago. Your small community survives by hunting and foraging in the mountainous, cave-riddled tropical forests. And then it happens: You get an injury so severe that cutting off your leg offers the only chance of saving your life. Most likely, something has cut off circulation to your lower leg, some of the tissue is now smelly and gangrenous, and it’s spreading fast. What’s your prognosis?
>
> Based on Tebo 1, that situation was less dire than you might expect, although it almost certainly wasn't easy.
>
> For one thing, the severed leg bones show no signs of inflammation, which means that if Tebo 1 suffered any infection after the amputation, it wasn’t serious enough to reach the bone. Without antibiotics, infection is a major threat; most of the casualties in American Civil War field hospitals died of infection, not of their actual injuries.
>
> The fact that Tebo 1 apparently didn’t face serious infection suggests that whoever performed the amputation understood how to keep the wound, the surgical tools, and their hands clean and understood that they needed to do so (which puts 31,000-year-old hunter-gatherers ahead of European and American surgeons just a century ago). It also suggests that someone took very good care of Tebo 1 after the operation.

> Anyone who thinks it’s actually because of silly things like “not wanting to be associated with such a disgusting, festering cesspool of a site” is naïve.

Not sure where you got this from, this didn’t seem to be in the CloudFlare blog post anywhere


> The new type of USB4 will continue the USB-IF's questionable naming scheme that only its members and a thumbtack-and-string-covered corkboard can truly appreciate. When it's all said and done, it seems you'll be able to find USB-C ports that are USB4 Version 2.0, USB4 Version 1.0, USB 3.2 Gen 2x2, USB 3.2 Gen 2, USB 3.2 Gen 1, or USB 2.0, plus some will opt for Intel Thunderbolt certification. And in the case of USB4 Version 1.0, you'll still need more information to know if the port supports the spec's max potential speed of 40Gbps.

**screaming intensifies**

> - “The age problem”: Young people aren’t using Facebook at all and are using Instagram less, but the success of both platforms as advertising revenue bonanzas is predicated on usage by the youth demographic.
> - “The innovation problem”: Facebook hasn’t invented a new hit since the blue app itself and its other successes were all acquired.
> - “The metaverse problem”: They’re betting the company on AR/VR, but it remains to be seen whether that’s going to be a big thing.
> - “The antitrust problem”: No summary necessary.

I really hope Meta/Facebook/Zuckerberg runs out of money and goes away forever

In theory, a government is democratically-elected, and courts are democratically-controlled, so isn’t a corporation obeying laws and courts exactly what we want here?

I’m not sure we can expect them to go above and beyond what is legal, no matter how much we might wish them to do so, they simply wouldn’t exist for very long otherwise

We hated them (and they hated it, too) when they extra-judiciously blocked traffic they didn’t agree with in the past, so surely requiring laws/courts to do so in future is better?


Seems like Cloudflare have come up with other ways to avoid blocking content they disagree with:

> For instance, when a site that opposed LGBTQ+ rights signed up for a paid version of DDoS mitigation service we worked with our Proudflare employee resource group to identify an organization that supported LGBTQ+ rights and donate 100 percent of the fees for our services to them. We don’t and won’t talk about these efforts publicly because we don’t do them for marketing purposes; we do them because they are aligned with what we believe is morally correct.


> Just as the telephone company doesn't terminate your line if you say awful, racist, bigoted things, we have concluded in consultation with politicians, policy makers, and experts that turning off security services because we think what you publish is despicable is the wrong policy. To be clear, just because we did it in a limited set of cases before doesn’t mean we were right when we did. Or that we will ever do it again.

> Japan's newly appointed Minister of Digital Affairs, Taro Kono, has declared war on the floppy disk and other forms of obsolete media, which the government still requires as a submission medium for around 1,900 types of business applications and other forms. The goal is to modernize the procedures by moving the information submission process online.

A review of postmarketOS on the Xiaomi Poco F1
> On the whole, I would rate the Poco F1’s bull**** level as follows:
>
> - Initial setup: miserable
> - Ongoing problems: minor

> A Princeton professor, finding a little time for himself in the summer academic lull, emailed an old friend a couple months ago. Brian Kernighan said hello, asked how their US visit was going, and dropped off hundreds of lines of code that could add Unicode support for AWK, the text-parsing tool he helped create for Unix at Bell Labs in 1977.


> Google has a right to decide which users it wants to host. But it was Google’s incorrect algorithms, and Google’s failed human review process, which caused innocent people to be investigated by the police in these cases. It was also Google’s choice to destroy without warning and without due process these fathers’ email accounts, videos, photos, and in one case, telephone service. The consequences of the company’s error are not trivial.


> The reasons for NOT tracking are myriad: First, you’ll engender goodwill with your supporters. Second, you may not imagine your organization to be the likely target of ransomware or of a data breach, but the less data you collect, and the less you share with outside organizations or companies, the less likely that your supporters will be affected. Third, data privacy laws vary across regions, and we are in a time of rapid change with respect to those laws. Minimizing data collection and retention can help ensure you’re complying with those laws.

> It sounds like something out of an urban legend: Some Windows XP-era laptops using 5400 RPM spinning hard drives can allegedly be forced to crash when exposed to Janet Jackson's 1989 hit "Rhythm Nation."
>
> But Microsoft Software Engineer Raymond Chen stands by the story in a blog post published earlier this week, and the vulnerability has been issued an official CVE ID by The Mitre Corporation, lending it more credibility.

> Australian police last month arrested the man, now 24, and identified at least 201 of his Australian customers, in an investigation that began in 2017 and involved a dozen law enforcement agencies in Europe and Australia, and information provided by Palo Alto Networks and the FBI. The case underscores the sheer scope of the market for stalkerware—the app, costing just $35, was sold for seven years before law enforcement shut it down. Tens of thousands of victims were spied on, police said. Its customers included domestic violence perpetrators and even a child sex offender.


Perhaps what we could do is have a preference that is like Firefox’s privacy settings (standard versus strict), as a way for the user to tell NetworkManager their risk-appetite and which set of default behaviours is more appropriate?

It would be even better if this was a system-wide


> As with Colossal's mammoth plans, TIGRR intends to obtain thylacine genomes, identify key differences between that genome and related lineages (mostly quolls), and then edit those differences into marsupial stem cells, which would then be used for IVF. It, too, faces some significant hurdles, in that nobody has made marsupial stem cells yet, nor has anyone cloned a marsupial—two things that have at least been done in placental mammals (though not pachyderms).

> In the longer term, the community should pool know-how and effort to elevate the professional artist workstation experience on Linux to be at least on a par with, and hopefully exceed, Windows and macOS. New virtualization and containerization technologies should enable more flexibility, and increased interoperability, so that studio workstations with different operating systems can more easily co-exist with each other. Software vendors and studios should work together to ease the adoption of Linux for studios that want to increase its use on workstations. Finally, better community coordination can help increase the ease and frequency of software updates. This would help the whole community to adopt new capabilities more quickly, and use more recent releases that offer better security, performance, and functionality.

> Regulators must take more effective voluntary actions against harmful content and adopt moderation frameworks that are consistent with human rights to make the internet free and limit the power of government agencies in flagging and removing potentially illegal content.

Look, everything here is a good suggestion for someone who knows what they are doing, but all of them have the potential to have some impact on the user experience in a variety of negative ways


MAC addresses should be randomised by default, but only when scanning and when connecting to untrusted networks, but how do we know that a network is untrusted? Many newer open networks (e.g. at restaurants, resorts, hotels, parks, etc) use a WPA2-PSK instead of an unencrypted captive portal, so it’s not true that a WPA2-PSK means a network is trustworthy

So, we’d have to prompt the user to ask them, but now we need to explain the risks and why they should care, and we now also need to help inform the user and offer to reverse this choice if it’s not compatible with the network they really want to join


The UX for dealing with all of these suggestions becomes complicated pretty quickly

A privacy-minded person will appreciate the extra knowledge of what their system is doing, but someone trying to switch from Windows or macOS is probably going to be confused unless developers spend a huge amount of time considering every possibility (spoiler: many won’t)


Alternative title: please make it impossible to get normal people to like Linux


I dearly wish Google would switch back to contextual advertising, and then add proper tracking protection to Android and Chrome out-of-the-box

It’s frustrating knowing there are talented security-minded and privacy-minded folks at Google who aren’t allowed to ship any code that would jeopardise the money tree




https://twitter.com/gitlab/status/1555325376687226883

> We discussed internally what to do with inactive repositories. We reached a decision to move unused repos to object storage. Once implemented, they will still be accessible but take a bit longer to access after a long period of inactivity.


Yeah, I think there are some cases where it’s a performance thing, sure: e.g. a list that displays a few hard-coded common options, and is repopulated with personalised options once they’ve been fetched from a back-end



I’m still a subscriber, and I greatly prefer the user experience of Netflix (as imperfect as it is) compared to Disney Plus or Amazon Prime Video, or even YouTube

It’s almost as though nobody at these companies even tries to use their own apps


Yeah, we need the different architectures to be roughly equal in market share, so architecture-specific problems like this don’t hit everyone

I’m wondering if we’ll see designs shift away from speculative execution in general, in order to avoid this entire class of attack?