pnutzh4x0r

joined 1 year ago
41
A Linux Desktop for the family (chronicles.mad-scientist.club)
 

I saw plenty of efforts that aim to create a Linux distribution for non-enthusiasts, for people who just want to use their computers, and not care about the details - A Desktop for All on the GNOME blog, most recently. While I commend the effort, my own experience is that these efforts are futile, and start off from a fundamentally wrong premise: that people are willing (let alone wanting) to manage their own operating systems.

...

My family is using Linux because that’s the system I can maintain for them. Apart from my Dad, they never installed Linux, and never will. They don’t install software, they don’t upgrade, they don’t change settings either. All of that is something I do for them. And to do so effectively, I need a distribution I am familiar with, one that is also flexible enough to fine-tune for every member of the family, because they prefer fundamentally different things!

...

The common pattern between all these three is that neither of them maintains their own systems. I do. As such, how beginner friendly the distribution is, is meaningless. The users of the system don’t care, they’ll never see those parts. They’ll have a preconfigured system maintained by someone else, and that’s exactly what they want. To make this work, I’m using distributions I am familiar with. For my parents, that’s Debian, because I was a Debian person when their systems were installed. For my Wife, it is NixOS, because I’m a NixOS person now. For the Twins, it will likely be NixOS too.

 

A new patch series posted today to the Linux kernel mailing list would block kernel modules/drivers from TUXEDO Computers from accessing GPL-only symbols in the kernel.

TUXEDO Computers maintains a set of kernel drivers currently out-of-tree for their various laptops for additional functionality around power profiles, keyboard backlight controls, WMI, sensor monitoring, the embedded controller, and other functionality. They have said they want to eventually mainline these drivers but in the name of allowing for rapid hardware support they maintain them out-of-tree and ship them with their Ubuntu-based TUXEDO OS and also have the driver sources available via GitLab.

The issue at hand though is that these kernel drivers marked as GPLv3+ and that conflicts with the upstream Linux kernel code licensed as GPLv2. There was a commit to change the driver license from GPLv3 to GPL(v2) but was reverted by TUXEDO Computers on the basis of "until the legal stuff is sorted out."

[–] [email protected] 0 points 2 days ago

XP is still not great, but you no longer have to wait outside the barrier... which is a big plus. Managed to do a few rounds this morning and got to 71 RC and was rewarded a few pearls.

 

2023 had been a slow year, so we skipped on our traditional annual update, but it is back this year. here’s a summary of everything that’s been happening since Nov 2022. Most of the progress these last two years have been around making chathistory more suitable for the real world, and reducing bandwidth usage for mobile clients.

[–] [email protected] 3 points 6 days ago

Over the course of the last 20 years, I've gone from Arch -> Void -> Pop!_OS -> Ubuntu, and that is what I use on all my machines (laptops, desktops, servers).

[–] [email protected] 0 points 1 week ago

I'm very close to 99 mining (about 400k left), so will probably continue star mining and amethyst mining.

My medium term goal is Varrock Elite (which is why I starting mining) and all I have left is 7 more runecrafting levels... but I really dislike this skill, so have been dragging my feet.

 

Whether you just downloaded Firefox, or you’ve been with us since the beginning, you are a vital part of helping us make the internet a better place. Here's a sneak peak at what's coming next!

0
COSMIC Utils (cosmic-utils.github.io)
 

Community driven applications and extensions written to extend the power of the COSMIC™ Desktop made by System 76.

COSMIC Utils Projects are all open source and as such welcome the spirit of open collaboration. Head over to the source code of any of the projects listed above and help however you feel necessary!

This is a collection of third party utilities designed for COSMIC. The organization is open to welcoming new projects and contributors.

 

Runescape has been a game near and dear to my heart since I was a child. Though I do not actively play anymore, it still functions as an interesting programming project substrate. Most recently, I created a bot that automatically executes trades on the Grand Exchange in order to conduct market making via common machine learning techniques. This blog post will explain the individual components of the bot, the various trading algorithms used, and the results of an experiment comparing the various trading algorithms' performance.

[–] [email protected] 0 points 2 weeks ago

According to #243 Chatting COSMIC Desktop Alpha With The CEO | Carl Richell, they are planning an alpha release on the last thursday of each month. This means that Alpha 3 should be out on October 31, 2024.

Likewise, Carl hopes to have a Beta 1 in January 2025.

 

A while back COSMIC entered its Alpha 1 and then Alpha 2 and now we have the CEO of System76 Carl Richell back on the show to talk about the project.

One notable comment (around minute 49) by Carl is that there will "soon" be a development option available for Pop!_OS 22.04 users to upgrade to 24.04 where some GNOME applications will be replaced by their COSMIC equivalents.

 

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including how it’s different from prior memory protection schemes and how it works in the kernel to protect virtual memory. We’ll also describe the particular exploit scenarios that mseal helps stop in Linux userspace, such as stopping malicious permissions tampering and preventing memory unmapping attacks.

Memory sealing allows developers to make memory regions immutable from illicit modifications during program runtime. When a virtual memory address (VMA) range is sealed, an attacker with a code execution primitive cannot perform subsequent virtual memory operations to change the VMA’s permissions or modify how it is laid out for their benefit.

...

mseal digresses from prior memory protection schemes on Linux because it is a syscall tailored specifically for exploit mitigation against remote attackers seeking code execution rather than potentially local ones looking to exfiltrate sensitive secrets in-memory.

...

From the disallowed operations, we can discern two particular exploit scenarios that memory sealing will prevent:

  • Tampering with a VMA’s permissions. Notably, not allowing executable permissions to be set can stop the revival of shellcode-based attacks.
  • “Hole-punching” through arbitrary unmapping/remapping of a memory region, mitigating data-only exploits that take advantage of refilling memory regions with attacker-controlled data.

...

There are likely many other use cases and scenarios that we didn’t cover. After all, mseal is the newest kid on the block in the Linux kernel! As the glibc integration completes and matures, we expect to see improved iterations for the syscall to meet particular demands, including fleshing out the ultimate use of the flags parameter.

 

Drivers passing through San Francisco have a new roadside distraction to consider: billboards calling out businesses that don't cough up for the open source code that they use.

The signs are the work of the Open Source Pledge – a group that launched earlier this month. It asks businesses that make use of open source code to pledge $2,000 per developer to support projects that develop the code. So far, 25 companies have signed up – but project co-founder Chad Whitacre wants bigger firms to pay their dues, too.

[–] [email protected] 4 points 3 weeks ago (1 children)

Old School Runescape.

[–] [email protected] 6 points 3 weeks ago

I'm not sure. As long as it keeps working, I'll probably keep using it until a viable alternative appears. I use my laptop more than my phone, so I don't actually need passwords on my phone as often.

[–] [email protected] 24 points 3 weeks ago (3 children)

This one hurts... as I use this as my password manager on mobile :{

 

Over the past 3 years the pace of development in APS has steadily fallen off as maintainers including myself have moved on to other things. I no longer have time and motivation to dedicate to this project, and in the absence of significant external contributions there is no-one else I can offer the project's stewardship to.

To that effect, I will be archiving the repository on Monday, October 14th 2024 at 7AM GST. In the situation that a serious and viable fork emerges, I will help them as much as I can with the transition. The criteria for what counts as "serious and viable" is entirely vibes-driven for now, and may become more specific in the future. In case I determine that a fork does not live up to my made up standard, they will have to come up with a slightly more creative name than "Android Password Store" and watch low 4 figures of cash wither away in OpenCollective's bank account.

 

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

 

We are excited to announce the launch of a dedicated fund aimed at providing financial assistance to Free/Libre and Open Source Software (FOSS/FLOSS) projects globally, with an annual commitment of $1 million. I will use the FOSS acronym in this post hereafter.

...

For us, FLOSS/fund is about hacker goodwill, reciprocity, and common sense business strategy. We invite you to apply for funding. If you would like to understand the motivations behind this, a bit of storytelling lies ahead.

...

To initiate and give this experiment a serious shot, FLOSS/fund will accept funding requests from projects through a publicly accessible funding.json file hosted on their respositories or websites. This file is not meant to convey everything there is to know—an impossible task—but to solicit interest and communicate enough to ensure discoverability which would not be possible otherwise. Refer to the funding.json docs to know more.

Applications that come through to the FLOSS/fund will be indexed and published on the dir.floss.fund directory / portal, making them publicly discoverable by anyone interested in supporting projects. This is going to be an interesting experiment. Fingers crossed!

[–] [email protected] 0 points 1 month ago (2 children)

I still haven't done much of Varlamore Part 1(just some thieving of rich citizens and hunter rumours). With Part 2, I did do the Colossol Wyrm agility course and got the graceful recolor. I have yet to do Moons or the new prayer training.

That said, I did try out Hueycotl with some friends and... it was kinda lacking. The fight is long and the drops are not good. I know they recently buffed the drop table a bit, but I'm not in a rush to go back... Which is fine, I still have lots of things to do (ie. I just finished Sins of the Father and am now working on the Elite Varrock diary).

[–] [email protected] 164 points 1 month ago (3 children)

I think the "Ubuntu Core 22" means it is the snap based version of Steam rather than the deb version.

If you look at the snapcraft.yaml for the Steam snap, it uses core22 as its base.

[–] [email protected] 9 points 1 month ago* (last edited 1 month ago)
[–] [email protected] 67 points 1 month ago

This is a great summary. Thanks!

[–] [email protected] 19 points 2 months ago (6 children)

It looks like you are running XFCE instead of GNOME (the normal Ubuntu desktop). I'm not sure how that happened... but you an always just install another desktop.

For instance, you can try to make sure you have the ubuntu-desktop or ubuntu-desktop-minimal metapackage installed:

sudo apt install ubuntu-desktop-minimal

After that, the login manager should allow you to select the Ubuntu session rather than the XFCE one.

view more: next ›