GNOME: Peter Hutterer's LIBEI Work, GUADEC and Mutter

GNOME
  • Peter Hutterer: libei - a library to support emulated input

    Let's talk about eggs. X has always supported XSendEvent() which allows anyone to send any event to any client [1]. However, this event had a magic bit to make it detectable, so clients detect and subsequently ignore it. Spoofing input that just gets ignored is of course not productive, so in the year 13 BG [2] the XTest extension was conceived. XTest has a few requests that allow you to trigger a keyboard event (press and release, imagine the possibilities), buttons and pointer motion. The name may seem odd until someone explains to you that it was primarily written to support automated testing of X servers. But no-one has the time to explain that.

    Having a separate extension worked around the issue of detectability and thus any client could spoof input events. Security concerns were addressed with "well, just ifdef out that extension then" which worked great until other applications started using it for input emulation. Since around ~2008 XTest events are emulated through special XTest devices in the server but that is solely to make the implementation less insane. Technically this means that XTest events are detectable again, except that no-one bothers to actually do that. Having said that, these devices only make it possible to detect an XTest event, but not which client sent that event. And, due to how the device hierarchy works, it's really hard to filter out those events anyway.

  • GUADEC ’20 experience

    Last days of July before 27th, I had been preparing my GUADEC 3 minutes presentation. It was an easy task because I introduce myself and what I was working on. Below I attached slides and speech if you want to review them. Also, I embedded presentation video where you can find my talk between 20:10 and 23:50.

    I attended to several talks about GNOME world and it is huge, that is my conclusion. There are a lot of projects and ideas that could improve GNOME and open-source environment, enhancing the world. Interns -and some of them, future contributors- are pushing tiny improvements and all of them are really important to improve GNOME ecosystem. Particularly, I want to mention last talks on “Intern lightning talks” when past interns that still on GNOME share their experience and their career inside and outside GNOME, letting us know what we can do next and where we can be in the future.

  • GNOME Mutter Code Further Tuned For Lowering Latency On NVIDIA Driver

    One of many performance optimization projects being pursued by Canonical's Daniel van Vugt in the GNOME space has been working to lower the latency when using NVIDIA's proprietary driver to address high latency spikes in certain situations as well as stuttering on the desktop. The Ubuntu developer has had patches under testing for months while this past week a latest revision was made available.

    Daniel van Vugt reworked the NVIDIA latency/stutter fixing patches. With the latest iteration there should be "even lower latency" and he now characterizes the latency handling as on par with the open-source graphics drivers.

Glances – A Versatile System Monitoring Tool for Linux Systems

The most commonly used command line tools for process monitoring on Linux are top and its colorful, feature rich cousin htop . To monitor temperature on Linux, you can use lm-sensors. Similarly, there are many utilities to monitor other real-time metrics such as Disk I/O, Network Stats and others. Glances is a system monitoring tool which ties them all together and offers a lot more features. What I like the most is that you can use run Glances on a remote Linux server and monitor the system resources on your local system or monitor it through your web browser. Here’s what it looks like. The terminal in the below screenshot has been beautified with Pywal tool that automatically changes the color based on wallpaper. Read more

Raspberry Pi HAT offers CAT-M1 modem

Avnet’s $73 “Monarch Go Pi HAT” integrates a Sequans Monarch Go LTE-M and NB-IoT modem and provides a interface for Click modules and the option to operate standalone via a micro-USB port. Avnet, which recently launched a Renesas ZMOD4410 Indoor Air Quality HAT, has followed up with another Raspberry Pi HAT, this time providing LTE Cat-M1 (LTE-M) and NB-IoT. The Monarch Go Pi HAT is pre-certified for Verizon with the help of a pre-installed Verizon ThingSpace IoT SIM and is designed for applications including asset tracking and remote monitoring. Other RPi HATs with LTE include MechaTracks’ 4GPi, which offers a higher-bandwidth CAT4 modem. Read more

Arduino and Raspberry Pi

  • CLI and IDE get better together

    Over the past two months our newly established Tooling Team has taken over operations concerning the Arduino CLI and Pro IDE. We’ve been silent at work in our little rooms, striving to come up with solutions to reported issues and feature requests. As time went on, the development of the CLI and Pro IDE has been moving forward in a parallel fashion, so here we bring you new versions of both applications for you to play with and build your workflows around.

  • The BallCuber is a robotic device capable of solving a 4x4x4 Rubik’s cube

    Rubik’s cubes are traditionally 3x3x3, and have been solved by robotic systems in a variety of different ways. But what about a 4x4x4 variant? Such a device presents expanded solving challenges, which creators Thibault and Florent were able to address with their BallCuber contraption. The BallCuber utilizes an independent camera unit to obtain the cube’s initial state, after which it’s placed in a spherical solving chamber ringed by nine NEMA 17 stepper motors.

  • Boston Dynamics’ Handle robot recreated with Raspberry Pi

    You in the community seemed so impressed with this recent Boston Dynamics–inspired build that we decided to feature another. This time, maker Harry was inspired by Boston Dynamics’ research robot Handle, which stands 6.5 ft tall, travels at 9 mph and jumps 4​ ​feet vertically. Here’s how Harry made his miniature version, MABEL (Multi Axis Balancer Electronically Levelled).

  • Raspberry Pi listening posts ‘hear’ the Borneo rainforest

Security Leftovers

  • Security updates for Tuesday

    Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends).

  • Security updates for Monday

    Security updates have been issued by Debian (firejail, icingaweb2, inetutils, libjackson-json-java, proftpd-dfsg, python2.7, software-properties, and sqlite3), Fedora (chrony), Mageia (chrony), openSUSE (dovecot23, postgresql12, and python), Slackware (bind), SUSE (gettext-runtime and SUSE Manager Server 3.2), and Ubuntu (bind9).

  • Consumer Reports Study Shows Many 'Smart' Doorbells Are Dumb, Lack Basic Security

    Like most internet of broken things products, we've noted how "smart" devices quite often aren't all that smart. More than a few times we've written about smart lock consumers getting locked out of their own homes without much recourse. Other times we've noted how the devices simply aren't that secure, with one study finding that 12 of 16 smart locks they tested could be relatively easily hacked thanks to flimsy security standards, something that's the primary feature of many internet of broken things devices.

  • Never Run ‘python’ In Your Downloads Folder

    As the category of attacks with the name “DLL Planting” indicates, there are many ways that browsers (and sometimes other software) can be tricked into putting files with arbitrary filenames into the Downloads folder, without user interaction.

    Browsers are starting to take this class of vulnerability more seriously, and adding various mitigations to avoid allowing sites to surreptitiously drop files in your downloads folder when you visit them.1

    Even with mitigations though, it will be hard to stamp this out entirely: for example, the Content-Disposition HTTP header’s filename* parameter exists entirely to allow the the site to choose the filename that it downloads to.

