Arthur Besse
cultural reviewer and dabbler in stylistic premonitions
- 25 Posts
- 68 Comments
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•Tuxedo OS (Ubuntu-based) with KDE/Wayland - waking from Sleep freezes the computer. Help?English3·10 days agoyou could edit your post title
Have you tried https://mike-fabian.github.io/ibus-typing-booster/ ?
I have not, but I think it does what you’re looking for.
The demo video emphasizes its use as an emoji picker but it was originally created for typing Indic languages.
i figured this was likely astroturfing by one of the many shitty companies it is advertising, so i went looking for the source. somewhat to my surprise this image was apparently created by reddit user u/theFallenWalnut who’s actually been posting there for over 10 years 🤔
if you check their account you’ll see they’ve actually updated their recommendations to remove several companies (including proton and spotify) which are included in the older version of it posted here.
but, they’re still suggesting lots of garbage.
see also https://en.wikipedia.org/wiki/Ethical_consumerism#Criticism
Arthur Besse@lemmy.mlto Technology@lemmy.ml•Content moderation is what a 21st century hazardous job looks likeEnglish14·13 days agoand here i does it for free 🤡
At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.
I used to use it long ago, and was pretty happy with it.
But looking closer now, what is going on with security there?! Sorry to be the bearer of probably bad news, but... 😬
The only three CVEs in their changelog are from 2007, 2010, and 2014, and none are specific to claws.
Does that mean they haven’t had any exploitable bugs? That seems extremely unlikely for a program written in C with the complexity that being an email client requires.
All of the recent changelog entries which sound like possibly-security-relevant bugs have seven-digit numbers prefixed with “CID”, whereas the other bugs have four-digit bug numbers corresponding to entries in their bugzilla.
After a few minutes of searching, I have failed to figure out what “CID” means, or indeed to find any reference to these numbers outside of claws commit messages and release announcements. In any case, from the types of bugs which have these numbers instead of bugzilla entries, it seems to be the designation they are using for security bugs.
The effect of failing to register CVEs and issue security advisories is that downstream distributors of claws (such as the Linux distributions which the project’s website recommends installing it from) do not patch these issues.
For instance, claws is included in Debian stable and three currently-supported LTS releases of Ubuntu - which are places where users could be receiving security updates if the project registered CVEs, but are not since they don’t.
Even if you get claws from a rolling release distro, or build the latest release yourself, it looks like you’d still be lagging substantially on likely-security-relevant updates: there have actually been numerous commits containing CID numbers in the month since the last release.
If the claws developers happen to read this: thanks for writing free software, but: please update your FAQ to explain these CID numbers, and start issuing security advisories and/or registering CVEs when appropriate so that your distributors will ship security updates to your users!
Arthur Besse@lemmy.mlto Open Source@lemmy.ml•is there something about rust which precludes copyleft licensing?English2·13 days agoNope.
Nope, it is.
It allows someone to use code without sharing the changes of that code. It enables non-free software creators like Microsoft to take the code, use it however they like, and not have to share back.
This is correct; it is a permissive license.
This is what Free Software prevents.
No, that is what copyleft (aims to) prevent.
Tired of people calling things like MIT and *BSD true libre/Free Software.
The no True Scotsman fallacy requires a lack of authority about what what constitutes “true” - but in the case of Free/Libre software, we have one: https://en.wikipedia.org/wiki/The_Free_Software_Definition
If you look at this license list (maintained by the Free Software Foundation’s Licensing and Compliance Lab) you’ll see that they classify many non-copyleft licenses as “permissive free software licenses”.
They’re basically one step away from no license at all.
Under the Berne Convention of 1886, everything is copyrighted by default, so “no license at all” means that nobody has permission to redistribute it :)
The differences between permissive free software licenses and CC0 or a simple declaration that something is “dedicated to the public domain” are subtle and it’s easy to see them as irrelevant, but the choice of license does have consequences.
The FSF recommends that people who want to use a permissive license choose Apache 2.0 “for substantial programs” because of its clause which “prevents patent treachery”, while noting that that clause makes it incompatible with GPLv2. For “simple programs” when the author wants a permissive license, FSF recommends the Expat license (aka the MIT license).
It is noteworthy that the latter is compatible with GPLv2; MIT-licensed programs can be included in a GPLv2-only work (like the Linux kernel) while Apache 2.0-licensed programs cannot. (GPLv3 is more accommodating and allows patent-related additional restrictions to be applied, so it is compatible with Apache 2.0.)
Arthur Besse@lemmy.mlto Open Source@lemmy.ml•Organic Maps successfully migrates to Forgejo after GitHub blocks themEnglish15·13 days agoWhat is a U.S.-sanctioned place? Why does the U.S. government think this is a bad thing?
https://en.wikipedia.org/wiki/United_States_government_sanctions
Arthur Besse@lemmy.mlto Open Source@lemmy.ml•Organic Maps successfully migrates to Forgejo after GitHub blocks themEnglish67·13 days ago🎉 sometimes US sanctions actually do lead to positive outcomes :)
Arthur Besse@lemmy.mlto Open Source@lemmy.ml•is there something about rust which precludes copyleft licensing?English15·14 days agoI often see Rust mentioned at the same time as MIT-type licenses. Is it just a cultural thing that people who write Rust dislike Libre licenses?
The word “libre” in the context of licensing exists to clarify the ambiguity of the word “free”, to emphasize that it means “free as in freedom” rather than “free as in beer” (aka no cost, or gratis) as the FSF explains here.
The MIT license is a “libre” license, because it does meet the Free Software Definition.
I think the word you are looking for here is copyleft: the MIT license is a permissive license, meaning it is not a copyleft license.
I don’t know enough about the Rust community to say why, but from a distance my impression is that yes they do appear to have a cultural preference for permissive licenses.
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•What's with the move to MIT over AGPL for utilities?English12·15 days agofyi: GNU coreutils are licensed GPL, not AGPL.
there is so much other confusion in this thread, i can’t even 🤦
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•What's with the move to MIT over AGPL for utilities?English32·16 days agoApple makes the source code to all their core utilities available
Apple makes the source code for many open source things they distribute available, but often only long after they have shipped binaries. And many parts of their OS which they developed in-house which could also be called “core utilities” are not open source at all.
Every Linux distro uses CUPS for printing. Apple wrote that and gave it away as free software.
Apple did not write cups.
It was was created by Michael R. Sweet in 1997, and was GPL-licensed and used on Linux distros before Mac OS X existed. Apple didn’t want to be bound by the GPL so they purchased a different license for it in 2002.
Later, in 2007 they bought the source code and hired msweet to continue its development, and at some point the license of the FOSS version was changed to “GNU General Public License (“GPL”) and GNU Library General Public License (“LGPL”), Version 2, with an exception for Apple operating systems.”
for example, on a linux distro, we could modify the desktop environment and make it waaaaay lighter by getting rid of jpg or png icons and just using pure svg on it.
this has largely happened; if you’re on a dpkg-based distro try running this command:
dpkg -S svg | grep svg$ | sort
…and you’ll see that your distro includes thousands of SVG files :)
explanation of that pipeline:
dpkg -S svg
- this searches for files installed by the package manager which contain “svg” in their pathgrep svg$
- this filters the output to only show paths which end with svg; that is, the actual svg files. the argument to grep is a regular expression, wheremeans “end of line”. you can invert the match (to see the paths
dpkg -S svg
found which only contain “svg” in the middle of the path) by writinggrep -v svg$
instead.- the
sort
command does what it says on the tin, and makes the output easier to read
you can run
man dpkg
,man grep
, andman sort
to read more about each of these commands.
No, SVG files are not HTML.
Please change this post title (currently “today i learned: svg files are literally just html code”), to avoid spreading this incorrect factoid!I suggest you change it to “today i learned: svg files are just text in an html-like language” or something like that.edit: thanks OPXML and HTML have many similarities, because they both are descendants of SGML. But, as others have noted in this thread, HTML is also not XML. (Except for when it’s XHTML…)
Like HTML, SVG also can use CSS, and, in some environments (eg, in browsers, but not in Inkscape) also JavaScript. But, the styles you can specify with CSS in SVG are quite different than those you can specify with CSS in HTML.
Lastly, you can embed SVG in HTML and it will work in (modern) browsers. You cannot embed HTML in SVG, however.
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•Linux Terminal: CTRL+D is like pressing ENTEREnglish2·19 days agoA ctrl-d does nothing on a non-empty line.
ctrl-d actually is flushing the buffer regardless of if the line is empty or not.
See my other comment for how you can observe it.
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•Linux Terminal: CTRL+D is like pressing ENTEREnglish8·19 days agoNote: for readers who aren’t aware, the notation
^X
means hold down the ctrl key and type x (without shift).ctrl-a though ctrl-z will send ASCII characters 1 through 26, which are called control characters (because they’re for controling things, and also because you can type them by holding down the control key).
^D is the EOF character.
$ stty -a | grep eof intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; $ man stty |grep -A1 eof |head -n2 eof CHAR CHAR will send an end of file (terminate the input)
Nope, Chuck Testa: there is no EOF character. Or, one could also say there is an EOF character, but which character it is can be configured on a per-tty basis, and by default it is configured to be
^D
- which (since “D” is the fourth letter of the alphabet) is ASCII character 4, which (as you can see inman ascii
) is called EOT or “end of transmission”.What that
stty
output means is that^D
is the character specified to triggereof
. That means this character is intercepted (by the kernel’s tty driver) and, instead of sending the character to the process reading standard input, the tty “will send an end of file (terminate the input)”.By default
eof
is^D
(EOT), a control character, but it can be set to any character.For instance: run
stty eof x
and now, in that terminal, “x” (by itself, without the control key) will be the EOF character and will behave exactly as^D
did before. (The rest of this comment assumes you are still in a normal default terminal where you have not done that.)But “send an end of file” does not mean sending EOT or any other character to the reading process: as the blog post explains, it actually (counterintuitively) means flushing the buffer - meaning, causing the
read
syscall to return with whatever is in the buffer currently.It is confusing that this functionality is called
eof
, and thestty
man page description of it is even more so, given that it (really!) does actually flush the contents of the buffer toread
- even if the line buffer is not empty, in which case it is not actually indicating end-of-file!You can confirm this is happening by running
cat
and typing a few characters and then hitting^D
, and then typing more, and hitting^D
again. (Each time you flush the buffer,cat
will immediately echo the latest characters that had been buffered, even though you have not hit enter yet.)Or, you can pipe
cat
intopv
and see that^D
also causespv
to receive the buffer contents prior to hitting enter.I guess unix calls this
eof
because this function is most often used to flush an empty buffer, which is how you “send an end of file” to the reader.The empty-
read
-means-EOF semantics are documented, among other places, in the man page for theread()
syscall (man read
):RETURN VALUE On success, the number of bytes read is returned (zero indicates end of file), and the file position is advanced by this number.
If you want to send an actual
^D
(EOT) character through to the process reading standard input, you can escape it using the confusingly-namedlnext
function, which by default is bound to the^V
control character (aka SYN, “synchronous idle”, ASCII character 22):$ man stty|grep lnext -A1 * lnext CHAR CHAR will enter the next character quoted $ stty -a|grep lnext werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0;
Try it: you can type
echo "
and then ctrl-V and ctrl-D and then"|xxd
(and then enter) and you will see that this is sending ascii character 4.You can also send it with
echo -e '\x04'
. Note that the EOT character does not terminate bash:$ echo -e '\x04\necho see?'|xxd 00000000: 040a 6563 686f 2073 6565 3f0a ..echo see?. $ echo -e '\x04\necho see?'|bash bash: line 1: $'\004': command not found see?
As you can see, it instead interprets it as a command.
(Control characters are perfectly cromulent filenames btw...)
$ echo -e '#!/bin/bash\necho lmao' > ~/.local/bin/$(echo -en '\x04') $ chmod +x ~/.local/bin/$(echo -en '\x04') $ echo -e '\x04\necho see?'|bash lmao see?
Arthur Besse@lemmy.mlto Open Source@lemmy.ml•An open source, off-grid, decentralized, mesh network built to run on affordable, low-power devicesEnglish8·19 days ago!meshtastic@mander.xyz is the more active of the two lemmy communities about it
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•root (or sudo) access delay instead of passwordEnglish251·20 days agosure. first, configure sudo to be passwordless, or perhaps just to stay unlocked for longer (it’s easy to find instructions for how to do that).
then, put this in your
~/.bashrc
:alias sudo='echo -n "are you sure? "; for i in $(seq 5); do echo -n "$((6 - $i)) "; sleep 1; done && echo && /usr/bin/sudo '
Now “sudo” will give you a 5 second countdown (during which you can hit ctrl-c if you change your mind) before running whatever command you ask it to.
Arthur Besse@lemmy.mlMto Linux@lemmy.ml•Mysterious installation of ClamAv on my popos systemEnglish4·20 days agoto answer this question: if you’re on a dpkg-based system, check
/var/log/dpkg.log
(or/var/log/dpkg.log.2.gz
to get logs from January, if your system rotates them once a month).
the non-recursive part of this image is mildlyinfuriating