he/him/his, cis, gay, husband, Beagle chew-toy, JavaScript jockey, Rustacean

  • 18 Posts
Joined 1Y ago
Cake day: Apr 06, 2021


The Digital Advertising Act is a bold, promising legislative proposal. It could split apart the most toxic parts of Big Tech to make the internet more competitive, more decentralized, and more respectful of users’ digital human rights, like the right to privacy. As with any complex legislation, th…

Wow, I’m weirdly close to the same age as the X Windows System…

Today’s release of Total Cookie Protection is the result of experimentation and feature testing, first in ETP Strict Mode and Private Browsing windows, then in Firefox Focus earlier this year. We’re now making it a default feature for all Firefox desktop users worldwide…

Music streaming company Spotify will donate $109,000 (100k EUR) to independent, actively maintained, open source projects that align with the company’s core values. It has also opened a dedicated Open Source Program Office (OSPO) to further promote sustainability in the open source ecosystem. Engi…

Nimbuspwn, as Microsoft has named the EoP threat, is two vulnerabilities that reside in the networkd-dispatcher, a component in many Linux distributions that dispatch network status changes and can run various scripts to respond to a new status. When a machine boots, networkd-dispatcher runs as ro…

Now that those bunny eggs have been painted and the afikomen has been found, it’s time to upgrade Pop!_OS! Here’s what’s new in Pop!_OS 22.04 LTS…

Whatever final legislation comes out of the negotiations won’t be perfect, and it won’t address every concern. But we urge both businesses and advocates not to make the perfect the enemy of the good. Or of better, more consistent protections for all Americans. …

It looks like Google is at least evaluating the prospects of Qt toolkit support for the Chromium/Chrome UI. A Phoronix reader tipped us off to newly-started Gerrit code reviews for Qt support with Chromium…

Yeah, it does have fewer features than older admin portals like webmin, etc

Last year, we released Proton Calendar beta on Android, marking a significant milestone in the expansion of Proton’s privacy ecosystem. We’ve been busy incorporating your feedback over the past year, and today we’re happy to officially launch Proton Calendar on Android!..

Cockpit 267

Cockpit is the modern Linux admin interface. We release regularly. …

Nushell 0.61 | Nushell

Nushell, or Nu for short, is a new shell that takes a modern, structured approach to your commandline. It works seamlessly with the data from your filesystem, operating system, and a growing number of file formats to make it easy to build powerful commandline pipelines. …

Start with the home page: https://www.freedesktop.org/wiki/Software/dbus/

There are a few “introduction” resources and an FAQ linked there that seem like a good start

The “dbus” part is really the hard part of working with xdg-desktop-portal, at least in my own experience

So far, from what I’ve learned about dbus and xdg-desktop-portal messages, we could definitely have catch-all hooks like that ( https://gitlab.com/jokeyrhyme/xdp-hook-rs/-/issues/2 )

What’s not clear to me yet, however, is how i can trace the ownership of such messages back to the processes that initiated them

dbus sender/receiver IDs are just arbitrary text, and don’t seem to have a reliable relationship with the caller

I do have this on my roadmap though ( https://gitlab.com/jokeyrhyme/xdp-hook-rs#roadmap )

I’d like to share a side-project that I finally got to a minimally-useful state this weekend, in case others find it useful …

If we get behavioural advertising banned everywhere, then there will be no profit in collecting this data, and Google will stop doing it: https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising

Let’s get back to advertising based only on current context, and eliminate the entire business model based on tracking our behaviour over time

A truly patriotic party is beholden to local oligarchs (e.g. billionaires) instead of foreign oligarchs

I guess a better parallel is using C/C++ to write software, where it is trivially easy to mismanaged memory in ways that cause 70% of CVEs

If we were being consistent, we’d be trying to eliminate all software written in any language or framework where it is trivially easy to introduce security issues

I wonder how many anti-Electron folks are also logically anti-C/C++ ?

You mean how like nobody ever ever pipes the output of curl into a bash with root privileges? :P

Maybe we should ban cURL when we ban Electron?

An Electron app has full access to your filesystem and to other system resources, the same as any other desktop app

Is there a specific reason or example for why we say it has terrible security here?

Chromium has an incredibly advanced and optimised graphics pipeline and the code that is running in the “web” part of an Electron app benefits from Chromium’s sandbox

People complain about Electron, but without it there would probably be even fewer cross-platform apps today

Some aspects of it might be less than perfect, but let’s not allow perfect to be the enemy of good

Electron doesn’t automatically mean that an app is bad, just like Unity doesn’t automatically mean that a game is good

I prefer Zig, Rust, Go, and every other programming language that isn’t the cause of 70% of CVEs

Humans are just bad at managing memory safety, so why encourage the use of such tools?

I had used sway for a year or so and liked it

Then a switched to river ( https://github.com/riverwm/river ) a few months ago, it’s also fine

I’m on a very slow mission to remove C/C++ from my setup, otherwise I’d still be on sway

Helping to standardise a global dark mode preference is nice

I’ve been trying to rig laptop lid events to wayland/pipewire controls, and it’s sort of tricky to do this with acpid, so I put together this utility (user-acpid) to read from acpid’s socket and handle events in the context of an interactive user session: https://gitlab.com/jokeyrhyme/user-acp


For the master’s tools will never dismantle the master’s house. They may allow us to temporarily beat him at his own game, but they will never enable us to bring about genuine change.

  • Audre Lorde

Meh, I’ve been using the official Firefox flatpak, and I love that my web browser has no access whatsoever to my ~/.ssh private keys, or anything else I don’t want it to be able to read

These are good online tips for anyone risking harassment or threats to physical safety…