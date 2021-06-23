KDE and GTK/GNOME
I modified the code as suggested by my mentors that were related to coding conventions(according to C++, Qt and KDE).
After adding the new members to the AlkOnlineQuoteSource constructor. I jumped into writing the unit tests. I realized that I haven’t added the new members in the function signature. After adding that, I build the files to check what all things break related to the constructor’s usage.
Thanks to the work done by Josè Expòsito, libinput 1.19 will ship with a new type of gesture: Hold Gestures. So far libinput supported swipe (moving multiple fingers in the same direction) and pinch (moving fingers towards each other or away from each other). These gestures are well-known, commonly used, and familiar to most users. For example, GNOME 40 recently has increased its use of touchpad gestures to switch between workspaces, etc. Swipe and pinch gestures require movement, it was not possible (for callers) to detect fingers on the touchpad that don't move.
This gap is now filled by Hold gestures. These are triggered when a user puts fingers down on the touchpad, without moving the fingers. This allows for some new interactions and we had two specific ones in mind: hold-to-click, a common interaction on older touchscreen interfaces where holding a finger in place eventually triggers the context menu. On a touchpad, a three-finger hold could zoom in, or do dictionary lookups, or kill a kitten. Whatever matches your user interface most, I guess.
The second interaction was the ability to stop kinetic scrolling. libinput does not actually provide kinetic scrolling, it merely provides the information needed in the client to do it there: specifically, it tells the caller when a finger was lifted off a touchpad at the end of a scroll movement. It's up to the caller (usually: the toolkit) to implement the kinetic scrolling effects. One missing piece was that while libinput provided information about lifting the fingers, it didn't provide information about putting fingers down again later - a common way to stop scrolling on other systems.
Previously, If you wanted to do this, you had to remove all your tags and then print, only to restore them afterwards. This should be a lot more convenient for people writing various GtkSourceView-based text editors. Although, I’m suspect many of them weren’t even doing this correctly to begin with, hence this PSA.
Education Leftovers
In recent years, many US universities have transferred their online learning to contractors with increasing frequency, positioning them as “partners”. They manage everything from enrolment to graduation and certification and provide the web-based learning platforms that encompass all audio, video and text components, whether asynchronous, in real time or both. The results are worrisome.
I think I got started running conferences in 2002 when I helped with Open Source Weekend 2003. The next year, I started BSDCan. Three years later, PGCon start. All up, I think I’ve run at least 32 conferences, two of which have been online: BSDCan 2020 and PGCon 2020.
This article was planned before the conferences were held. There have been requests to share what we did, why, and how it went.
This is still the first draft, and for the most part is a brain dump of everything I can remember.
In general, I will refer to BSDCan, but unless otherwise noted, such references can also be to PGCon.
Open fest 2021 will be provided in normal face to face format in the open space – the King Boris garden – “Maimunarnika” where up to 1200 people can be hosted.
Programming Leftovers
Apache Kafka is a vital piece of infrastructure for teams adopting an event-driven architecture. By connecting applications with minimal coupling, event-driven architecture lets teams create distributed, fault-tolerant applications using the runtimes most appropriate for the specific task and team. However, managing infrastructure and Kafka clusters is a complex and time-consuming task. A managed Kafka service such as Red Hat OpenShift Streams for Apache Kafka allows teams to focus on delivering applications, while Red Hat takes care of their Kafka infrastructure.
Once your Kafka infrastructure is in place, you'll want to start developing applications using your preferred runtimes. This article focuses on Node.js, which has become one of the most popular runtimes for cloud-native application development. Integrating Node.js applications with their organization's broader event-driven architecture based on Kafka is critical for developers.
This article demonstrates how to connect and authenticate your Node.js applications to OpenShift Streams for Apache Kafka using the Service Binding Specification for Kubernetes. The Service Binding spec says that it "aims to create a Kubernetes-wide specification for communicating service secrets to applications in an automated way." Figure 1 shows a high-level overview of the interactions between the components in this specification. Don’t worry if you’re not yet familiar with these components or concepts; this article walks you through each step.
There are some discrepancies between the information on Seeed Studio and MXCHIP’s product page, notably with the former claiming Bluetooth 5.0 supports but I’d assume it would be without long-range nor higher bandwidth (2 Mbps) support in any cases.
There aren’t any software development resources that I could find on either website, but the datasheet reads...
There are several open-source tools available for security researchers. Now, GitLab has introduced a new one to the arsenal that lets you detect malicious code in dependencies.
The tool is also known as “Package Hunter” and is an important addition that could help secure every type of software.
Some time ago, I noticed that a unit test was quite slow, using 100% CPU for a number of seconds at one point in the test.
I used perf and KDAB’s Hotspot to record and examine where the CPU cycles were spent in that unit test, and I quickly noticed that a lot of time was spent in QFileSystemEntry::fileName(), an internal method in Qt that’s called when listing directories with QDir.
Building maximally general technology, and then adding a final layer of interface, marketing, and narrative that makes it all seem specific, is part of the challenge of making things people will buy.
A new package RcppFarmHash is now on CRAN in an inaugural version 0.0.1.
RcppFarmHash wraps the Google FarmHash family of hash functions (written by Geoff Pike and contributors) that are used for example by Google BigQuery for the FARM_FINGERPRINT.
The package was prepared and uploaded yesterday afternoon, and to my surprise already on CRAN this (early) morning when I got up. So here is another #ThankYouCRAN for very smoothing operations.
The 1.54.0 pre-release is ready for testing. The release is scheduled for this Thursday, July 29th. Release notes can be found here.
Proprietary Software and Security
Microsoft has acknowledged a newly-discovered version of an attack on a long-vulnerable Windows single sign-on protocol called NTLM — short for New Technology LAN Manager — that is still used in the operating system as a backup to the newer Kerberos authentication protocol.
One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the U.S. Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.
Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company, declared force majeure at the country’s key container terminals after disruptions caused by a cyber attack five days ago.
Leading cybersecurity firm Sophos on Monday warned users that popular chat platform Discord is being used by [cr]ackers for spreading malware.
The firm said that the findings are based on analysis of more than 1,800 malicious files detected by Sophos telemetry on the Discord Content Management Network (CDN).
Texas communities struggled for days with disruptions to core government services as workers in small cities and towns endured a cascade of frustrations brought on by the sophisticated cyberattack, according to thousands of pages of documents reviewed by The Associated Press and interviews with people involved in the response. The AP also learned new details about the attack’s scope and victims, including an Air Force base where access to a law enforcement database was interrupted, and a city forced to operate its water-supply system manually.
Egregor has since disappeared, following an international sting in February. Now, though, more than 100 pages of Egregor negotiation transcripts — obtained and analyzed by IBM Security X-Force and its partner company Cylera, and reviewed by CyberScoop — shed light on the oft-opaque structure of a ransomware operation. The discussion records also demonstrate how victims proved most effective at convincing their extortionists to reduce the amount demanded to decrypt their systems, with one medical organization turning a $15 million ransom into a $2 million payment.
I recently learned that all that is required for someone to take out a loan in some random USA citizen's name is that citizen's full name, postal address, email address, date of birth, and social security number. If you are above a certain age, all of these are for all intents and purposes a matter of public record. If you are younger, then your social security number is of course supposed to be secret—and it will be, right up to that data breach that makes it available to all the wrong people.
This sort of thing can of course be a bit annoying to our involuntarily generous USA citizen. Fortunately, there are quite a few things you can do, although I will not try to reproduce the entirety of the volumes of good advice that are available out there. Especially given that laws, processes, and procedures are all subject to change.
If for some reasons you want to block all your traffic except traffic going through Tor, here is how to proceed on OpenBSD.
The setup is simple and consists at installing Tor, running the service and configure the firewall to block every requests that doesn't come from the user _tor used by Tor daemon.
There’s massive confusion in the security community around Security Through Obscurity.
In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.
This is incorrect, and Dead Drops are a great example.
Consider a service invoking webhooks. It will be running with limited data access but must be able to communicate with the entire Internet. Contrast that to an SSH session that’s been opened for troubleshooting purposes. It will have access to the entire machine but does not egress to an arbitrary IP.
