today's leftovers

  • Snapcraft Clinic Successes

    On Thursday I mentioned we were restarting the Snapcraft Clinic. Basically we stand up a regular video call with engineers from the snap and snapcraft team & us from Snap Advocacy. Developers of applications and publishers of snaps are invited to join to troubleshoot.

    There was nothing especially secret or private discussed, but as we don’t record or stream the calls, and I don’t have direct permission to mention the applications or people involved, I’ll keep this a little vague. In future I think we should ask permission and record the outcomes of the calls.

    We had a few productive discussions. One developer brought an application which they’d requested classic confinement for, and wished to discuss the options for confinement. We had a rather lengthy open discussion about the appropriateness of the available options. The developer was offered some choices, including making changes to their application to accommodate confinement, and another was (as always) not to snap the application. They appreciated our openness in terms of accepting that there are limitations with all software, and not everything always makes sense to be packaged as a snap, at the moment.

    We also had a productive discussion with a representative of a group responsible for publishing multiple snaps. They had difficulties with a graphical snapped application once it had been updated to use core20. The application would launch and almost immediately segfault. As the application was already published in the Snap Store, in a non-stable channel, we were all able to install it to test on our own systems.

  • Kraft Version 0.96

    I am pleased to publish the release of Kraft version 0.96 today. The new version can be downloaded from the homepage.

  • A new data format has landed in the upcoming GTG 0.5

    Diego’s changes are major, invasive technological changes, and they would benefit from extensive testing by everybody with “real data” before 0.5 happens (very soon). I’ve done some pretty extensive testing & bug reporting in the last few months; Diego fixed all the issues I’ve reported so far, so I’ve pretty much run out of serious bugs now, as only a few remain targeted to the 0.5 milestone… But I’m only human, and it is possible that issues might remain, even after my troll-testing.

    Grab GTG’s git version ASAP, with a copy of your real data (for extra caution, and also because we want you to test with real data); see the instructions in the README, including the “Where is my user data and config stored?” section.

    Please torture-test it to make sure everything is working properly, and report issues you may find (if any). Look for anything that might seem broken “compared to 0.4”, incorrect task parenting/associations, incorrect tagging, broken content, etc.

  • MAS ‘Ocean strainer’ technology to be open source

    Inspired by the success of its ‘Ocean Strainer’ floating trash trap, a pilot project launched in the Dehiwala Canal last year, MAS Holdings will make the ‘Ocean Strainer’ technology available to interested parties, to replicate and scale up the solution.

  • Notes on Addressing Supply Chain Vulnerabilities

    One of the unsung achievements of modern software development is the degree to which it has become componentized: not that long ago, when you wanted to write a piece of software you had to write pretty much the whole thing using whatever tools were provided by the language you were writing in, maybe with a few specialized libraries like OpenSSL. No longer. The combination of newer languages, Open Source development and easy-to-use package management systems like JavaScript’s npm or Rust’s Cargo/crates.io has revolutionized how people write software, making it standard practice to pull in third party libraries even for the simplest tasks; it’s not at all uncommon for programs to depend on hundreds or thousands of third party packages.

    [...]

    Even packages which are well maintained and have good development practices routinely have vulnerabilities. For example, Firefox recently released a new version that fixed a vulnerability in the popular ANGLE graphics engine, which is maintained by Google. Both Mozilla and Google follow the practices that this blog post recommends, but it’s just the case that people make mistakes. To (possibly mis)quote Steve Bellovin, “Software has bugs. Security-relevant software has security-relevant bugs”. So, while these practices are important to reduce the risk of vulnerabilities, we know they can’t eliminate them.

    Of course this applies to inadvertent vulnerabilities, but what about malicious actors (though note that Brewer et al. observe that “Taking a step back, although supply-chain attacks are a risk, the vast majority of vulnerabilities are mundane and unintentional—honest errors made by well-intentioned developers.”)? It’s possible that some of their proposed changes (in particular forbidding anonymous authors) might have an impact here, but it’s really hard to see how this is actionable. What’s the standard for not being anonymous? That you have an e-mail address? A Web page? A DUNS number?[3] None of these seem particularly difficult for a dedicated attacker to fake and of course the more strict you make the requirements the more it’s a burden for the (vast majority) of legitimate developers.

    I do want to acknowledge at this point that Brewer et al. clearly state that multiple layers of protection are needed and that it’s necessary to have robust mechanisms for handling vulnerability defenses. I agree with all that, I’m just less certain about this particular piece.

  • 26 Firefox Quantum About:Config Tricks You Need to Learn - Make Tech Easier

    “Here be dragons,” reads the ominous disclaimer when you type about:config into Firefox’s URL bar, warning you that tweaking things in this area is largely experimental and can cause instability to your browser.

    Sounds exciting, right? And even though it sounds a little scary, the fact is you will almost certainly be okay when you start playing around in this area and can actually use the features here to improve and speed up your browser. These are Make Tech Easier’s favorite Firefox about:config tricks, freshly updated for Firefox Quantum.

  • Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973 - Blueliv

More in Tux Machines

Audiocasts/Shows: Late Night Linux, Destination Linux, and More

Kernel: Slowdown, CephFS, and FS-Cache / CacheFiles

  • How a performance boost in Linux kernel for one family of Intel chips slowed its latest Alder Lake processors

    The mixture of performance and efficiency CPUs in Intel’s 12th-gen Core processors, code-named Alder Lake, hasn’t just been causing problems for some Windows gamers – it almost led to complications for Linux. Phoronix’s Michael Larabel noticed a performance hit in the kernel a fortnight ago – in a work-in-progress release candidate, we should stress – and a fix for the scheduling code landed a little later. It turned out the kernel suffered on Alder Lake chips due to a performance-enhancing tweak for another Intel processor family: the multiple-Atom-core-based Jacobsville. This year, Intel officially canned its Lakefield chips. These consisted of a performance core called Sunny Cove as well as Atom-class efficiency cores dubbed Tremont. Crucially, there are still multi-Tremont-core embedded processors out there, such as Snow Ridge. These are server and infrastructure-oriented components with up to 24 cores. The first proposed cut of kernel 5.16, specifically 5.16-rc1, contained a revision to the scheduler that makes it aware that some clusters of cores share a block of L2 cache – as seen in Snow Ridge and Jacobsville.

  • Testing the Linux Kernel CephFS Client with xfstests

    I do a lot of testing with the kernel cephfs client these days, and have had a number of people ask about how I test it. For now, I’ll gloss over the cluster setup since there are other tutorials for that.

  • Major Rewrite Of Linux's FS-Cache / CacheFiles So It's Smaller & Simpler - Phoronix

    As part of David Howells of Red Hat's long-term work on improving the caching code used by network file-systems, he today posted a big patch series rewriting the fscache and cachefiles code as the latest significant step on that adventure. Howells posted a set of 64 patches for rewriting the kernel's fscache and cachefiles code. Linux's fscache is a general purpose cache used by network file-systems while cachefiles is for providing a caching back-end for mounted local file-systems. The Red Hat engineer has been working on this rewrite for more than the past year.

Ubuntu Weekly Newsletter and Ubuntu Desktop on Google Clown

  • Ubuntu Weekly Newsletter Issue 711

    Welcome to the Ubuntu Weekly Newsletter, Issue 711 for the week of November 21 – 27, 2021. The full version of this issue is available here.

  • Launch Ubuntu Desktop on Google Cloud

    This tutorial shows you how to set up a Ubuntu Desktop on Google Cloud. If you need a graphic interface to your virtual desktop on the cloud, this tutorial will teach you how to set up a desktop environment just like what you can get on your own computer.

Open Hardware/Modding: ESP32, 3-D Printing, Raspberry Pi Pico, PocketBeagle

  • Wireless thermal printer kit features M5Stack ATOM Lite controller - CNX Software

    This is certainly not the first ESP32 thermal printer solution, as there are various implementations including bitbank2 thermal printer Arduino connecting ESP32 and nRF52 boards to the printer over Bluetooth LE, or Arduino sketches to print bitmaps over serial or MQTT.

  • Generate Fully Parametric, 3D-Printable Speaker Enclosures | Hackaday

    Having the right speaker enclosure can make a big difference to sound quality, so it’s no surprise that customizable ones are a common project for those who treat sound seriously. In that vein, [zx82net]’s Universal Speaker Box aims to give one everything they need to craft the perfect enclosure.

  • Z80 Video Output Via The Raspberry Pi Pico | Hackaday

    Building basic computers from the ground up is a popular pastime in the hacker community. [Kevin] is one such enthusiast, and decided to whip up a video interface for his retro Z80 machine.

  • The Calculator Charm: Calculatorium Leviosa! | Hackaday

    Have you ever tried waving your hand around like a magic wand and summoning a calculator? We would guess not since you’d probably look a little silly doing so. That is unless you had [Andrei’s] cool gesture-controlled calculator. [Andrei] thought it would be helpful to use a calculator in his research lab without having to take his gloves off and the results are pretty cool. His hardware consists of a PocketBeagle, an OLED, and an MPU6050 inertial measurement unit for capturing his hand motions using an accelerometer and gyroscope. The hardware is pretty straightforward, so the beauty of this project lies in its machine learning implementation.