
  • It absolutely could. Heck, RPMs and DEBs pulled from random sites can do the exact same thing as well. Even source code can hide something if not checked. There's even a very famous hack presented by Ken Thompson in 1984 that really speaks to the underlying thing, "what is trust?"

    And that's really what this gets into. The means of delivery change as the years go by, but the underlying principle of trust is the thing that stays the same. In general, Canonical does review somewhat apps published to snapcraft. However, that review does not mean you are protected and this is very clearly indicated within the TOS.

    14.1 Your use of the Snap Store is at your sole risk

    So yeah, don't load up software you, yourself, cannot review. But also at the same time, there's a whole thing of trust here that's going to need to be reviewed. Not, "Oh you can never trust Canonical ever again!" But a pretty straightforward systematic review of that trust:

    • How did this happen?
    • Where was this missed in the review?
    • How can we prevent this particular thing that allowed this to happen in the future?
    • How do we indicate this to the users?
    • How do we empower them to verify that such has been done by Canonical?

    No one should take this as "this is why you shouldn't trust Ubuntu!" Because as you and others have said, this could happen to anyone. This should be taken as a call for Canonical to review how they put things on snapcraft and what they can do to ensure users have all the tools so that they can ensure "at least for this specific issue" doesn't happen again. We cannot prevent every attack, but we can do our best to prevent repeating the same attack.

    It's all about building trust. And yeah, Flathub and AppImageHub can, and should, take a lesson from this to preemptively prevent this kind of thing from happening there. I know there's a propensity to wag the finger in the distro wars, tribalism runs deep, but anything like this should be looked at as an opportunity to review that very important aspect of "trust" by all. It's one of the reasons open source is very important, so that we can all openly learn from each other.

  • US Military (NATO) moving closer to Russia was a provocation that started decades ago

    Because Russia during the Soviet era gave Europe every reason to believe the Russian desire to return to 1850s borders. Which that was distinctly something that wasn't going to happen because it would prompt the exact same situation that begat World War I.

    So yeah. Duh! After World War II one would think that "oh let's finish this as opposed to leaving it hang like we did in WWI" would be something of paramount importance. Much to the chagrin of Russia who thought that they'd get a nice fat cut of the spoils with Germany's defeat. Surprise the other two members of the Alliance wanted to kind of go the other direction and dismantle colonial Europe and Africa. That's why Africa post WWII became, well, what it is mostly today.

    NATO and the response thereafter has been to ensure independent nations within Europe. Russia has wanted to revive the "glory days" of the Muscovy. So you tell me, who's being provocative of who? Russia is still angry they didn't get a lion's share of Europe post-WWII seeing how they sent the most lives to die in the war, and the US was tired of having to deal with Europe every so often and isolationism just wasn't fucking working.

    Have you seen that we have 800+ military bases outside of the US

    Yeah have you also seen the UK's or France's? Note anything about those countries and who's who in WWII? Russia still wants that good old colonialism. I mean you need no further evidence of such than Crimea, or Russia's attitude towards Georgia, or we can keep going on and on.

    Now. The other guys UK/France/US, see they have moved on to, let's call it economic colonialism. Now the Nation doesn't technically have foreign governments dictating policy per se, but they use the allure of the dollar to ensure there's a bias towards being friendly. Is it a better system? It's pros and cons. It's sort of how Russia attempts to play that same game with Baltic nations and energy, to which they're abjectly losing on that front. US kind of top tiered the banking industry early in the game, which pros and cons to that too (see Housing Crisis and how US banks can bring down the world's economy).

    But the point being is the military bases that being an argument for... What? There's an economic investment that a lot of nations have put in, Russia included, why do you think they have bases in Libya and Sudan? Why do you think Turkey has the relationship it does with Russia even though it's an EU member?

    Our US politicians/military would need to be for negotiations, which they are not for, at least majority are not.

    Putin doesn't want to negotiate. Just full stop. There is a projection of strength that Putin has to maintain to keep the level of support he has. The second he says "Oopsie! I guess I got a lot of our fellow citizens killed for no reason." Is the second his key supporters turn on his ass.

    endless wars that are pushed for profits

    Who do you think is pushing Putin? You keep going on and on about the rich in the US, you keep forgetting rich assholes are the world around. Until the entire planet gathers around for Kumbaya and unites to destroy greed, guess what we're going to have to deal with? It's not a unique US issue, everyone likes to think that the US has some sort of monopoly on rich asshats, they do not. Putin has territorial aspirations and the rich are looking to profit from that desire. So don't give me this crap that only rich US fuckers want war in perpetuity. There are rich shitheads in every country looking to provoke their nation du jour into some conflict that potentially enriches them. It's just fun to punch on the US versions of them because the US has a lot of them, with the whole banking system being as it is. But they're everywhere, Russia included.

    You seem to be going on and on about wars and rich people and I've got no complaint there, but how the fuck does that even fit into your "Oh NATO be provocating!!" Russia be doing it too. "Oh rich people just want to profit!!" Russia has that same fucking problem. I'm not seeing your argument for why the US and Russia aren't exactly what I just said.

    if person A is acting shitty and person B is acting shitty, why are you expecting non-shitty behavior to come from either?

    Your commentary on rich vs poor, yeah cool. What's that got to do with the price of tea in China? Russia wants its land, taking all that land would set us up exactly like what led to World War I. That, to me, does not seem like a good idea to let happen. Russia needs to fucking chill. NATO gets to stay because Europe needs integration not separation. The latter just keeps leading to global conflict, which seems less than ideal to most people.

  • Putin is much more than a boogeyman because, as is currently on demonstration, he follows through on his desire to conquer.

    It’s fun to say boogeyman because it attempts to put our current events as infantile. But Putin is indeed marching in Ukraine, so he’s distinctly NOT a boogeyman when he’s actually doing that whole war thing.

    pushing for endless wars

    The wars can end on that front the second Putin decides to go home.

    As for the US military industrial complex, cool, we can have that conversation when fucksticks in Russia are no longer acting like fucksticks. But they’ve sorta been doing that whole being a giant douche since WWII ended.

    That’s not to justify America’s shitty logic, but to point out if person A is acting shitty and person B is acting shitty, why are you expecting non-shitty behavior to come from either?

    So it’s endless wars until BOTH countries stop collectively being shitty. Which that’s kind of hard when Putin gets a continual erection from being shitty to Europe.

    So you tell Vlad when he’s ready to stop buttering his nipples on making sure Europe live their lives in continued fear and inflated energy prices, we can talk about that whole endless war thing.

  • I’m not going to read any responses.

    This is likely the wisest part of any comment that's going to be on this thread. 🤞hopefully I'm wrong.

  • Do you know who Bryan Lunduke is? That's what this video is about.

    If that name happens to not ring a bell, you aren't missing anything.

  • Where’s the demand for Hamas to end the conflict and to release the hostages?

    Israel hasn’t shown any good faith. I think given the situation, if Hamas completely capitulated it would just hasten their complete extermination.

    I honestly cannot say that Israel would show restraint in a surrender, they’ve displayed none and their rhetoric hasn’t indicated any.

    If Hamas was to surrender, I don’t think it would lead to peace because Israel does not look like peace is what they want. I think it would lead to millions being murdered because it seems that is what Israel wants.

    I don’t disagree with a need for deescalating the situation and some olive branches being brought out, but Israeli leadership themselves are saying things like the goal is to completely destroy Hamas and Palestinian. That’s genocide talk and Israel hasn’t given us any reason to doubt their ambitions.

    I get what you’re saying, but Israel is taking and acting like the bully in a school fight that doesn’t know when the fight’s over. In three months, one percent of the entire population of Gaza has been killed. When a battle starts hitting significant measurable percentage of the civilian population, a wise nation would pause the hostilities and reassess. Israel has done quite the opposite and tripled down on their incursion.

    There’s no indication that Hamas doing anything to reduce the situation would actually lead to an outcome that would actually reduce the situation. And there’s every indication that doing so would actually speed up their and their civilian population’s demise.

  • And just so everyone remembers this, Lake Gatún is the primary water source for fresh water in the area.

    That little facet plays a non-zero role in any discussion about travel along the canal.

    And for those wondering how a canal “uses” water. At some point a lake that was never connected to the ocean, has some small amount of it discharge into the ocean every time a boat moves through the canal.

    You can use all kinds of partitions and fancy pumps to reduce the amount of salt water that gets in and fresh water that leaves, but you can never get it to zero. There will always be some salt water getting into the lake and some fresh water making it to the ocean. And that value begins to add up when you have thousands of boats.

  • Considering the trike nature of the, and I use this term very generously, vehicle and the poor steering mechanism that was on display in that video. This is indeed just that suicide booth with extra steps.

  • Interesting; you have to dig past the usual misandry sites to find an impartial source but Pew research found 53% of stem graduates female in 2018 and rising

    I mean, at this point you're just cherry picking and not doing all that well with it. As indicated from, again YOUR source.

    The gender dynamics in STEM degree attainment mirror many of those seen across STEM job clusters. For instance, women earned 85% of the bachelor’s degrees in health-related fields, but just 22% in engineering and 19% in computer science

    That lines up with the whole thing I had mentioned here. You keep wishing otherwise, but you also keep providing evidence to the contrary.

    So I mean at some point I guess you'll read your own sources OR you won't. But the sources you keep providing agree with the original statement that women are under represented in traditional STEM studies. So I mean you square that with yourself however you want.

  • Nah you’re still being disingenuous. The stats don’t lie - even the stats you provided

    I mean you provided those last stats I just gave. That's literally taken from your link.

    I would have thought you’d be happy to see stem taken over by women

    I think you're conflating how I feel to facts. Fact is the 38.6% figure I quoted from your article. How I feel about it or the price of gasoline is notwithstanding.

  • Well I mean, do you read the links you provide?

    While women now account for 57% of bachelor's degrees across fields and 50% of bachelor's degrees in science and engineering broadly (including social and behavioral sciences), they account for only 38% of bachelor's degrees in traditional STEM fields (i.e., engineering, mathematics, computer science, and physical sciences; Table 1).

    There's where your 50% comes from. And as you can see, your link also aligns with the 38.6% previously mentioned.

    See? Now was that hard? See how once you explained yourself we could clear up the confusion you were having? Nothing wrong with that, easy to be confused by the various terms that are being tossed around.

  • What are you even going on about? It literally says:

    Women represent 57.3% of undergraduates but only 38.6% of STEM undergraduates

    That means women are obtaining most of their degrees via non-STEM studies.

    Women represent 52% of the college-educated workforce, but only 29% of the science and engineering workforce.

    And that is reflected in the study's figures for employment as well.

    I’d search for another but people shooting themselves in the foot amuses me to know end

    Well let's look over the score here. Someone has provided two different links to back up their argument and you've provided… Oh look, none. You're making claims and pointing out things that clearly do not exist or are anecdotal. Nothing you have done in the last three comments indicates to anyone that any of us should take anything you have to say with any kind of value.

    So I guess you are amused to know [sic] end, but a point or logical argument you have not made. But hey if you think you took the W here and that keeps you quiet, then good job you totally owned everyone here. Amazing wordsmithing.

  • I think they mean ID as store loyalty card and/or membership card. Not actual government issued ID.

  • Both are vendor specific implementations of processing on GPUs. This is in opposition to open standards like OpenCL, which a lot of the exascale big boys out there mostly use.

    nVidia spent a lot of cash on "outreach" to get CUDA into a lot of various packages in R, python, and what not. That did a lot of displacement from OpenCL stuff. These libraries are what a lot of folks spin up on as most of the leg work is done for them in the library. With the exascale rigs, you literally have a team that does nothing but code very specific things on the machine in front of them, so yeah, they go with the thing that is the most portable, but doesn't exactly yield libraries for us mere mortals to use.

    AMD has only recently had the cash to start paying folks to write libs for their stuff. So we're starting to see it come to python libs and what not. Likely, once it becomes a fight of CUDA v ROCm, people will start heading back over to OpenCL. The "worth it" for vendor lock-in for CUDA and ROCm will diminish more and more over time. But as it stands, with CUDA you do get a good bit of "squeezing that extra bit of steam out of your GPU" by selling your soul to nVidia.

    That last part also plays into the "why" of CUDA and ROCm. If you happen to NOT have a rig with 10,000 GPUs, then the difference between getting 98% of your GPU and 99.999% of your GPU means a lot to you. If you do have 10,000 GPUs, having like a 1% inefficiency is okay, you've got 10,000 GPUs the 1% loss is barely noticeable and not worth it to lose portability with OpenCL.

  • Data science term. Means everything runs inside the GPU entirely. No CPU or system RAM outside of the (usually Python) interface that started, monitors, and collects the result of the job.

    ROCm is AMD’s solution to CUDA that covers for nVidia.

  • PopOS. Mostly because I’m really interested in their Rust based DE that’s to replace Gnome.

  • Generally Overt Projection at it again.

  • One of the specific issues from those who've worked with Wayland and is echoed here in Nate's other post that you mentioned.

    Wayland has not been without its problems, it’s true. Because it was invented by shell-shocked X developers, in my opinion it went too far in the other direction.

    I tend to disagree. Had say the XDG stuff been specified in protocol, implementation of handlers for some of that XDG stuff would have been required in things that honestly wouldn't have needed them. I don't think infotainment systems need a concept of copy/paste but having to write:

    Some_Sort_Of_Return handle_copy(wl_surface *srf, wl_buffer *buf) {
        // Completely ignore this
        return 0;
    }

    Some_Sort_Of_Return handle_paste(wl_surface *srf, wl_buffer *buf) {
        // Completely ignore this
        return 0;
    }

    Is really missing the point of starting fresh, is bytes in the binary that didn't need to be there, and while my example is pretty minimal for shits and giggles IRL would have been a great way to introduce "randomness" and "breakage" for those just wanting to ignore this entire aspect.

    But one of those agree to disagree. I think the level of hands off Wayland went was the correct amount. And now that we have things like wlroots even better, because if you want to start there you can now start there and add what you need. XDG is XDG and if that's what you want, you can have it. But if you want your own way (because eff working nicely with GNOME and KDE, if that's your cup of tea) you've got all the rope in the world you will ever need.

    I get what Nate is saying, but things like XDG are just what happened with ICCCM. And when Wayland came in super lightweight, it allowed the inevitability of XDG to have lots of room to specify. ICCCM had to contort to fit around X. I don't know, but the way I like to think about it is like unsalted butter. Yes, my potato is likely going to need salt and butter. But I like unsalted butter because then if I want a pretty light salt potato, I'm not stuck with starting from salted butter's level of salt.

    I don't know, maybe I'm just weird like that.

  • Over on Nate's other blog entry he indicates this:

    The fundamental X11 development model was to have a heavyweight window server–called Xorg–which would handle everything, and everyone would use it. Well, in theory there could be others, and at various points in time there were, but in practice writing a new one that isn’t a fork of an old one is nearly impossible

    And I think this is something people tend to forget. X11 as a protocol is complex and writing an implementation of it is difficult to say the least. Because of this, we've all kind of relied on Xorg's implementation of it and things like KDE and GNOME piggyback on top of that. However, nothing (outside of the pure complexity) prevented KWin (just as an example) implementing its own X server. KWin having its own X server would give it specific things that would better handle the things KWin specifically needed.

    Good parallel is how crazy insane the HTML5 spec has become and how now pretty much only Google can write a browser for that spec (with thankfully Firefox also keeping up) and everyone is just cloning that browser and putting their specific spin to it. But if a deep enough core change happens, that's likely to find its way into all of the spins. And that was some of the issue with X. Good example here, because of the specific way X works an "OK" button (as an example) is actually implemented by your toolkit as a child window. Menus those are windows too. In fact pretty much no toolkit uses primitives anymore. It's all windows with lots and lots of text attributes. And your toolkit Qt, Gtk, WINGs, EFL, etc handle all those attributes so that events like "clicking a mouse button" work like had you clicked a button and not a window that's drawn to look like a button.

    That's all because these toolkits want to do things that X won't explicitly allow them to do. Now the various DEs can just write an X server that has their concept of what a button should do, how it should look, etc... And that would work except that, say you fire up GIMP that uses Gtk and Gtk has its idea of how that widget should look and work and boom things break with the KDE X server. That's because of the way X11 is defined. There's this middle man that always sits there dictating how things work. Clients draw to you, not to the screen in X. And that's fundamentally how X and Wayland are different.

    I think people think of Wayland in the same way of X11. That there's this Xorg that exists and we'll all be using it and configuring it. And that's not wholly true. In X we have the X server and in that department we had Xorg/XFree86 (and some other minor bit players). The analog for that in Wayland (roughly, because Wayland ≠ X) is the Compositor. Of which we have Mutter, Clayland, KWin, Weston, Enlightenment, and so on. Which that's more than just one that we're used to. That's because the Wayland protocol is simple enough for these multiple implementations.

    The skinny is that a Compositor needs to at the very least provide these:

    • wl_display - This is the protocol itself.
    • wl_registry - A place to register objects that come into the compositor.
    • wl_surface - A place for things to draw.
    • wl_buffer - When those things draw there should be one of these for them to pack the data into.
    • wl_output - Where rubber hits the road pretty much, wl_surface should display wl_buffer onto this thing.
    • wl_keyboard/wl_touch/etc - The things that will interact with the other things.
    • wl_seat - The bringing together of the above into something a human being is interacting with.

    And that's about it. The specifics of how to interface with hardware and what not is mostly left to the kernel. In fact, pretty much compositors are just doing everything in EGL, that is KWin's wl_buffer (just random example here) is a eglCreatePbufferSurface with other stuff specific to what KWin needs and that's it. I would assume Mutter is pretty much the same case here. This gets a ton of the formality stuff that X11 required out of the way and allows Compositors more direct access to the underlying hardware. Which was pretty much the case for all of the Window Managers since 2010ish. All of them basically Window Manage in OpenGL because OpenGL allowed them to skip a lot of X, but of course there is GLX (that one bit where X and OpenGL cross) but that's so much better than dealing with Xlib and everything it requires that would routinely require "creative" workarounds.

    This is what's great about Wayland, it allows KWin to focus on what KWin needs, mutter to focus on what mutter needs, but provides enough generic interface that Qt applications will show up on mutter just fine. Wayland goes out of its way to get out of the way. BUT that means things we've enjoyed previously aren't there, like clipboards, screen recording, etc. Because X dictated those things and for Wayland, that's outside of scope.

  • Most of the ads I've seen appear to be targeted at conservative Americans, as they're all latching onto a mistrust in U.S. President Biden and the federal government

    LUL. Well at least they know their mark.

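    People's Republic of China government employee A: Who do you think we should target?

    People's Republic of China government employee B: How about the people who buy horse paste to treat their illnesses?

    People's Republic of China government employee A: Mwahahaha!!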