Date: 2020-12-16

Explore the exciting features of the Howl text editor Howl is a general-purpose text editor written in Moonscript and Lua. It’s not focused on a specific programming language, and instead features support for many different languages and formats. In fact, it takes inspiration from "traditional" Unix editors like Emacs and Vim, so it feels familiar to anyone accustomed to that style of editing. It’s primarily a text-oriented interface, without dialogue boxes, toolbars, or a menu, and yet, it has many exciting features that make it feel a little like an IDE for authors, regardless of whether you write code or prose.

today's leftovers Chrome OS Developers highlight the Linux terminal in new promo video Google rolled out the new Terminal 2.0 for Crostini Linux back in late July and with it came some much-needed UI improvements to make the Chrome OS developer environment a little more user-friendly. With the update, users can now customize the terminal as well as open multiple terminal instances in a single window. Most of it is simply for show and has little to do with the functionality of the Terminal app but you can access and customize keyboard shortcuts to curate your personal workflow.

Great nonogram puzzler Pixross from Kenney is now on Steam and upgraded | GamingOnLinux After releasing for itch.io first Pixross, the nonogram puzzle game from Kenney, has now hopped on over to Steam and it also had a sweet upgrade for both stores. "Pixross is a picture logic puzzle game featuring 150+ unique puzzles, customization and extra challenges for each puzzle. Unlock new puzzle packs or customization options by completing puzzles!"

2020 MDN Web Developer Needs Assessment now available The 2020 MDN Web Developer Needs Assessment (DNA) report is now available! This post takes you through what we’ve accomplished in 2020 based on the findings in the inaugural report, key takeaways of the 2020 survey, and what our next steps are as a result. [...] We are aiming to follow up on key findings with further research in the next few months. This will involve picking some key areas to focus on, and then performing user interviews and further analysis to allow us to drill down into key areas of frustration to see what the way forward is to mitigating them.

State as Observables, State as Ngrx. Observables and Ngrx are complex. As with any technology, it is very very easy to forget what you are trying to accomplish as you wade through the details. Start and end by thinking "What do I want to accomplish". These tools are capable of taking a very complex problem and simplifying it. That has been my experience. But they are also capable of taking a simple situation and making it very complicated. Start with defining the State. It is the data the view needs to render over time. How would you think about this problem? Where is the data coming from? Usually an api. What does the data look like from the api? Usually not what you need for the view, so the observable chain or the reducer functions would take this maybe complex tree and transform it into what your view needs.

Beyond The Far Side: Thoughts on secure and private machines behind IPFire Following a certain unethical logic, it makes sense for an attacker to hit the weakest the hardest. Why bother with a reasonably secure firewall if the system behind it is missing important patches? Why try targeting the skilled IT staff - which will ignore the attempt at best, if not blocking your infrastructure for the entire network - if their stressful HR colleagues click on every link and open every document they see? As important as an IPFire's configuration is, this post focuses on the systems behind such a firewall, considering important aspects in terms of both security and privacy. [...] It may sound like an eternal mantra, but running closed-source software is a bad thing. While this does not necessarily make open-source software intrinsically secure or better in any terms whatsoever, examining, auditing or customising is easier by an order of magnitude. In case the vendor does not ship a security update or does not provide you with an easy solution to turn off unwanted features such as telemetry, then, at least in theory, you have the opportunity to fix that on your own. On the other hand, the vendor's conflict of interest is obvious: People do not pay for security fixes, and in order to make revenue, discontinuing support for older products and making users buy the new ones is a common strategy. The privacy side does not look better: German Federal Office for Information Security has been conducting a study on important aspects of Windows 10 in terms of security and digital sovereignty for years - its abbreviation SiSyPHuS ("Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10", en: "Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10") speaks for itself.
Recently having issues with their OCSP server, Apple was found to transmit information of executed applications in clear text every time they are executed, effectively leaking the user's activities and identity (i.e. IP address) to themselves, their CDN (Akamai), and everyone in between. In terms of privacy, running those operating systems is not just bad, it's not an option anymore. However, running an open-source operating system does not solve the cross-contamination discussed earlier. Running and maintaining a set of VMs just for doing different things is a lot of work both for using and configuring or patching them. In the author's opinion, Qubes OS aims to provide a useful and holistic solution to this problem. Trying to separate its user's digital life according to his or her analogue one, it makes running and switching between multiple electronic lives suitable for everyday use. Needless to say, this does not come for free - Qubes OS has more demanding hardware requirements than common operating systems - and requires some time and effort for setup or customisation, and splitting up data into different VMs. Ultimately, the author believes it is worth the effort for both security and privacy.

The future for general-purpose computing There can be no doubt that general-purpose computing has been a boon to the world. The ability to run different kinds of programs, from various sources, including bought from companies, written from scratch, and, well, built from source, is something that we take for granted on many—most—of the computing devices that we own. But that model seems to be increasingly disappearing in many kinds of devices, including personal computers, as a recent kerfluffle in the Apple world helps to demonstrate. In mid-November, macOS users suddenly started having difficulty launching applications on their systems. It was taking minutes to launch applications and the timing seemed suspiciously aligned with the release of macOS "Big Sur" on the same day. It turned out that Apple's Online Certificate Status Protocol (OCSP) servers were overwhelmed or otherwise non-functional, which led to the problems. OCSP is used as part of the process of verifying notarized applications on macOS; those applications are signed by the developer's key. Apple signs the developer's public key, which is contained in a certificate similar to those used by TLS, but the system needs to check to ensure that the key has not been revoked. This check is performed at installation time and then each time the application is run. Normally, if the OCSP servers are not available, because they are down or the system is not connected to the internet, the connection will fail, which is treated as a "soft failure" so the certificate is considered valid. That way, the applications open immediately. During the outage, though, the servers were up but not responding correctly, so the applications would not launch until the connection timed out. That raised the visibility of the OCSP checking, which had already been going on in macOS for some time. 
The failure led to a rather over-the-top blog post by Jeffrey Paul that pointed out some major privacy flaws with OCSP, especially in relation to the checking that macOS Gatekeeper does to ensure that applications have valid signatures before running them. Every time an internet-connected macOS system starts an application, an OCSP query with a whole treasure trove of private information is sent to Apple. Obviously, the servers know what date and time the request was made and the IP address from which it was made; the latter greatly narrows down the geographic location of the system in question. There is also a hash sent for the certificate being queried, which Paul inaccurately called the "application hash". All of that gives Apple a bunch of data that folks may not really want to provide to the company, but the OCSP queries are made over unencrypted HTTP. So anyone able to see the traffic (e.g. ISPs, government spy agencies, WiFi hotspot providers) also gets a look at which applications the user is running, when they are running them, and where.
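
The soft-failure behaviour described in the excerpt above can be reproduced on the loopback interface. The following is an added example, not code from macOS or from any of the quoted articles: `check_revocation`, the request path and the 0.5-second timeout are assumptions chosen for the demonstration. It contrasts a responder that is down (connection refused, the check gives up at once) with one that accepts connections but never answers (the check blocks for the full timeout before soft-failing).

```python
import socket
import time

TIMEOUT = 0.5  # seconds; assumed value for this demo, not Apple's real timeout


def check_revocation(host, port, timeout=TIMEOUT):
    """Toy soft-fail revocation check. Returns (verdict, seconds_waited).

    Every failure mode counts as "certificate still valid" (soft fail);
    what differs is how long the caller waits before learning that.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            # Constructed placeholder request, sent in clear text like real OCSP over HTTP.
            s.sendall(b"GET /ocsp/constructed-request HTTP/1.0\r\n\r\n")
            reply = s.recv(4096)
        verdict = "responder-answered" if reply else "soft-fail: empty reply"
    except socket.timeout:   # must precede OSError, of which it is a subclass
        verdict = "soft-fail: timed out"
    except OSError:          # refused, unreachable, no network
        verdict = "soft-fail: unreachable"
    return verdict, time.monotonic() - start


def demo():
    """Run the check against a dead responder and a stalled one."""
    # Case 1: responder down. Reserve a free port, then close it again.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    down = check_revocation("127.0.0.1", closed_port)

    # Case 2: responder "up but not responding correctly". The kernel
    # completes the TCP handshake for a listening socket, but nothing
    # ever reads the request or writes a reply.
    stalled_srv = socket.socket()
    stalled_srv.bind(("127.0.0.1", 0))
    stalled_srv.listen(1)
    try:
        stalled = check_revocation("127.0.0.1", stalled_srv.getsockname()[1])
    finally:
        stalled_srv.close()
    return down, stalled


if __name__ == "__main__":
    for verdict, waited in demo():
        print(f"{verdict:<24} waited {waited:.2f}s")
```

Both cases end in the same trust decision; only the stalled responder makes the caller wait, which is why the outage showed up as slow application launches rather than as refused launches.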