thomask

joined 2 years ago
[–] thomask@lemmy.sdf.org 3 points 2 months ago

It also has the best promotional video I've ever seen for a terminal emulator: https://www.youtube.com/watch?v=8gw0rXPMMPE

[–] thomask@lemmy.sdf.org 8 points 2 months ago (1 children)

I know it's not the sub for it however some people might like to know: the open source tool Rufus, when noticing that you're creating a Win11 USB, will by default offer to patch it to remove the TPM requirement and other restrictions. So now I have W11 happily running on an "unsupported" machine. Yes, I did have Linux on it previously but something has regressed in the kernel in the last year or two and it often freezes on wake, which is well beyond my care factor to help debug.

[–] thomask@lemmy.sdf.org 1 points 2 months ago

Do you think there's a way for this to scale to larger projects like Servo? Or will it only work for a few people collaborating?

[–] thomask@lemmy.sdf.org 4 points 2 months ago (1 children)

This is a good point. I assumed here that FS advocates will be basically opposed to a technology that serves to incorporate their code into software that does not provide the fundamental freedoms to end users, more than those who license their work permissively. But yes you could imagine an FS advocate who is quite happy to use the tech themselves and churn out code with GPL attached.

 

Some thoughts/predictions about how open source developers will be forced to choose their path with GenAI.

Full disclaimer: my own post, sharing for discussion and to find out if anyone has any brilliant ideas what else could be done. It looks like self-posts are okay here but let me know if I'm wrong about that.

[–] thomask@lemmy.sdf.org 2 points 2 months ago

Fossil has a lot of features and config knobs.

[–] thomask@lemmy.sdf.org 7 points 3 months ago

Why is this LLM trying to teach me about acyclic graphs in the middle of an article about Linux platform support?

[–] thomask@lemmy.sdf.org 18 points 3 months ago

AFAICT this is super mundane. Devs added some checks that when run will drop .hdrtest files all over the source tree when you do a normal build. This is really unclean and has practical ramifications even if you gitignore them as Linus points out. Pretty much any lead developer would be upset if someone tried to merge something like this in a software project, and it has essentially nothing to do with the particular drivers or code functionality.

 

You've probably heard of the famous 'thank you for playing Wing Commander' story. It claims that a programmer on the original Wing Commander was stuck getting an error message when the game unloaded its memory during a quit. Pressed for time, instead of fixing the issue he simply hex edited the memory manager's error reporting to print 'thank you for playing Wing Commander' instead. A funny and relatable story!

...

Wing Commander I fans, meanwhile, have been understandably cautious about the anecdote and particularly the included screenshot. For one thing, Wing Commander I's default install directory isn't c:/wc1 and the game doesn't actually print "Thank You for Playing Wing Commander!" when you quit. Is the story even real?

 

As a grumpy old man who wishes his computer would stop changing I've been trying to get on board with XFCE for a while and the big blocker has been making things work well on my 4K screen. (For the record this post is based on Debian testing = trixie, X11, and nvidia proprietary drivers god have mercy on my soul.)

For a while XFCE only supported the type of scaling that makes things smaller. Understandably IMO this confused a few people and happily this has been upgraded and now it also makes things bigger. However in my experience this also makes things blurrier.

In my latest round of testing it appears that the situation can be fixed with a single setting: font DPI.

Settings Manager > Appearance > Fonts (tab) > Custom DPI setting > I chose 150, and logged out and in to have everything take effect.

From this single change everything is looking good in both GTK and Qt apps. I did also increase the size of my panel through the panel settings, and title bars are kind of tiny, but mostly I use maximised applications so I'm not stressing about this too much.

Hope this helps anyone else who is stuck in an "ohgod why couldn't we just stop after Windows 2000" love-hate relationship with computers.

[–] thomask@lemmy.sdf.org 1 points 3 months ago (1 children)

Ah yes, so straightforward.

[–] thomask@lemmy.sdf.org 1 points 3 months ago

I'm confident that if the host is compromised I'm screwed regardless.

[–] thomask@lemmy.sdf.org 1 points 3 months ago (3 children)

I have to assume that we're in this situation because the app does not exist in our distro's repo (or homebrew or whatever else). So how do you go about this verification? You need a trusted public key, right? You wouldn't happen to be downloading that from the same website that you're worried might be sending you compromised scripts or binaries? You wouldn't happen to be downloading the key from a public keyserver and assuming it belongs to the person whose name is on it?

This is such a ridiculously high bar to avert a "security nightmare". Regular users will be better off ignoring such esoteric suggestions and just looking for lots of stars on GitHub.

[–] thomask@lemmy.sdf.org 11 points 3 months ago* (last edited 3 months ago) (7 children)

So tell me: if I download and run a bash script over https, or a .deb file over https and then install it, why is the former a "security nightmare" and the latter not?

[–] thomask@lemmy.sdf.org 16 points 3 months ago* (last edited 3 months ago) (25 children)

The security concerns are often overblown. The bigger problem for me is I don't know what kind of mess it's going to make or whether I can undo it. If it's a .deb or even a tarball to extract in /usr/local then I know how to uninstall.

I will still use them sometimes but for things I know and understand - e.g. rustup will put things in ~/.rustup and update the PATH in my shell profile and because I know that's what it does I'm happy to use the automation on a new system.

 

Two independent groups of researchers have identified a total of 6 vulnerabilities in rsync. In the most severe CVE, an attacker only requires anonymous read access to an rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.

 

The following summary is from Debian's security list:

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
