today's leftovers
Whatever happened to SHA-256 support in Git? [LWN.net]
The news has been proclaimed loudly and often: the SHA-1 hash algorithm is terminally broken and should not be used in any situation where security matters. Among other things, this news gave some impetus to the longstanding effort to support a more robust hash algorithm in the Git source-code management system. As time has passed, though, that work seems to have slowed to a stop, leaving some users wondering when, if ever, Git will support a hash algorithm other than SHA-1.
Hash functions are, of course, at the core of how Git works. Every object in its data store — every version of every file, among other things — is hashed, with the resulting value serving as the key under which that object is stored. Commits, too, are represented by a hash of the current state of the tree, the commit message, and the hash(es) of the parent commit(s). The security of the hash function is a key part of the integrity of a repository as a whole. If an attacker could replace a commit with another having the same hash value, they could perhaps inject malicious code into a repository without risking detection. That prospect is worrisome to anybody who depends on the security of code stored in Git repositories — everybody, in other words.
The Git project has long since chosen SHA-256 as the replacement for SHA-1. Git was originally written with SHA-1 deeply wired into the code, but all of that code has since been refactored and can handle multiple hash types, with SHA-256 being the second supported type. It is now possible to create a Git repository using SHA-256 (just use the --object-format=sha256 flag) and most local operations will work just fine. The foundation for support of alternative hash algorithms in Git was part of the 2.29 release in 2020 and appears to be solid.
This Week In Rust: This Week in Rust 45
This small Space Invaders game runs on an Arduino Nano with a salvaged CRT display | Arduino Blog
Rob Cai over on Instructables has created his own version of the classic video game Space Invaders using an Arduino Nano. However, unlike most other projects that would typically incorporate some kind of LCD or OLED screen, he chose to use a small black and white cathode ray tube (CRT) display recovered from an old video intercom system.
As his first step, Cai needed to locate the analog-only video input on the salvaged screen as well as find its rated supply voltage. From here, he built a very minimalistic tiny arcade cabinet out of cardboard and used hot glue to join the panels together. But before he could assemble anything, Cai wrote his port of Space Invaders by designing several kinds of 2D sprites and loading them into a few arrays. Outputting a video signal was accomplished via the use of the TVout library, which takes an array of pixels and writes them sequentially to the designated RCA video output pin, as well as syncing each frame with a secondary pin.
Using Longhorn v1.3 CSI snapshots for backup and recovery with CloudCasa
The Developers focus, the Team quickens
The Linux Link Tech Show Episode 960
Unleashing the Librem 14
With the Librem 14 laptop we went a couple of new ways all at once. First of all this is the most custom laptop design we have done so far. It embodies everything we wanted to have – at the time of writing the specification. But not only that, with the Librem 14 we also started to use a liberated embedded controller (EC) firmware, besides Coreboot / PureBoot of course. The EC is a pretty primitive microcontroller that evolved from the old PC keyboard controllers. Basically it is a tiny CPU running a tiny program that does a very limited set of tasks, controlling the keyboard is still one of them. The EC also controls the power up and power down of the laptop, sequencing the different voltages, making sure that all supply voltages are OK and turned on and off at the right time etc. Additionally the EC controls functions like battery charging and maintains active communication with the main Intel CPU, to feed keyboard events into it but also to poke out information like the current temperature of the Intel package so that the EC can spin up the fans when necessary.
Today in Techrights
today's howtos
Videos: Accessibility, FreeCAD, and Matrix.org
