Derivation: Peppertown video-game by Congusbongus and StarNavigator

Thanks to the authors because the game is fully open-source and released on Github under the MIT License [2]. It was made with FLOSS tools (GIMP, VS Code, Phaser, Audacity, git, Tiled) for the MiniJam22 contest [3] and congratz to Congusbongus and StarNavigator for reaching the 2nd place with Peppertown!

What security does a default OpenBSD installation offer? (by solene@)

In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an over view of the security features offered by a default OpenBSD installation.

Jonathan Dieter: WANPIPE and DAHDI COPR for EL8

At Spearline, we have a number of servers around the world with Sangoma telephony cards, which use the out-of-tree wanpipe and dahdi kernel modules. As we’ve been migrating our servers from CentOS 6 to SpearlineOS, one of the problems we’ve hit has been the out-of-tree modules don’t compile against the EL8 kernels that we use as the base for SpearlineOS. [...] If there’s any interest in using the kmod RPMs without the other packages in the COPR, I could look at splitting them into a separate COPR. Please email me if you would like me to do this.

Mousepad 0.5.3 Is Released

The Xfce team has released another version of the extremely plain and simple Mousepad editor. The latest version has a keybinding for resetting the font size and some small fixes. It still lacks absolutely everything beyond the ability to edit text and load and save files. [...] Mousepad still lacks all the features other simple text-editors like KWrite have beyond the very basic ability to edit text. There is no syntax high-lighting, there is no spell-checker, you can't select text and make it uppercase or lowercase or much else for that matter. It does have a search-and-replace function, and you can load and save files, and you can even have multiple files open in tabs. It does have those things going for it even though it is severely lacking in all other areas.

My Firefox addons as of Firefox 86 (and the current development version)

I was recently reminded that my most recent entry on what Firefox addons I use is now a bit over a year old. Firefox has had 14 releases since then and it feels the start of January 2020 was an entirely different age, but my Firefox addons have barely changed in the year and a bit since that entry. Since they have updated a very small amount, I'll repeat the whole list just so I have it in one spot for the next time around.

Delegation of responsibility for spec finalisation

Sean is a natural choice for me to delegate this task to. He has been involved in the development of the Gemini specification for longer than anybody other than myself - he was the first person to actually implement the protocol in software, transforming it from the largely academic thought experiment that I had created it as into an actual real world project. He is the developer of a Gemini server (GLV-1.12556) and the admin of a server running it (gemini://gemini.conman.org), which means the details of the specification are of direct and practical relevance to him. He has a long-standing presence in Gopherspace, where the Gemini project was born, and therefore understands and appreciates the value of simple-by-design systems with limited scope. Finally, he has an excellent track record of constructively engaging with the mailing list even at its busiest and most frantic, which certainly can no longer be said for me. For all these reasons I trust him to make good decisions on the basis of careful consideration.

A Saturday waste of CPU cycles: building time_t values

It was bad enough trying to split up all of those date strings into their constituent parts - year, month, day - all of that stuff. But, then when I tried to consistently turn them back into a time_t, I ran into a bunch of other problems. That lead to the post called time handling is garbage. That then lead into the followup post three months later which talked about making time_t values without using mktime and the TZ variable.

Revisiting Html in Java

Some time ago I wrote a post about creating an embedded dsl for Html in Java. Sadly, it was based on an abuse of lambda name reflection that was later removed from Java. I thought I should do a followup because a lot of people still visit the old article. While it’s no longer possible to use lambda parameter names in this way, we can still get fairly close.

Use Dash as /bin/sh

I want startup scripts and everything that has a #!/bin/sh shebang to use the lightest possible shell by default, but I still want my trusty bash in interactive terminal sessions, and for complex scripts.

How to Use Group by in Pandas Python – Linux Hint

Pandas group by function is used for grouping DataFrames objects or columns based on particular conditions or rules. Using the groupby function, the dataset management is easier. However, all related records can be arranged into groups. Using the Pandas library, you can implement the Pandas group by function to group the data according to different kinds of variables. Most developers used three basic techniques for the group by function. First, splitting in which data divide into groups based on some particular conditions. Then, apply certain functions to these groups. In the end, combine the output in the form of data structure. In this article, we will walk through the basic uses of a group by function in panda’s python. All commands are executed on the Pycharm editor.

gfldex: Undocumented escape hatch

On my quest to a custom when-statement I did quite a bit of reading. The study of roast and Actions.nqp can lead to great gain in knowledge.

Knowing when to look past your code

At some point, though, your journies will take you to places where things aren’t so clear cut, and you’ll start to gain a sixth sense; a kind of visceral experience that things are not as they have been promised to be.

A few weeks ago, that sixth sense whispered in my ear: “what if, instead of your cruddy bootloader written in a pre-1.0 systems language for a platform you don’t fully understand, it’s the 20 year-old project with 80,000 commits that’s wrong?” And it was right.

Cambalache…

C++ Friend Function – Linux Hint

A function is a block of code that performs a certain task and provides the output. It is mainly used to eliminate repetitive code. In this tutorial, we will look into the friend function in C++ and explain its concept with working examples.

mrcal: principled camera calibrations

In my day job I work with images captured by cameras, using those images to infer something about the geometry of the scene being observed. Naturally, to get good results you need to have a good estimate of the behavior of the lens (the "intrinsics"), and of the relative geometry of the cameras (the "extrinsics"; if there's more than one camera). The usual way to do this is to perform a "calibration" procedure to compute the intrinsics and extrinsics, and then to use the resulting "camera model" to process the subsequent images. Wikipedia has an article. And from experience, the most common current toolkit to do this appears to be OpenCV. People have been doing this for a while, but for whatever reason the existing tools all suck. They make basic questions like "how much data should I gather for a calibration?" and "how good is this calibration I just computed?" and "how different are these two models?" unanswerable.

SolarWind, enough with the password already!

                   

This is a much delayed discussion on the complexity and nuance of the SolarWind hack. The simplistic and wrong messaging from some quarters of the infosec community has resulted in an atrocious misunderstanding of the hack in the public sphere. This has extended into the policy world as these bad takes are treated as cogent analysis.

Microsoft chief's claims on cloud security result in sharp rejoinder

Comments made by Microsoft president Brad Smith to the US Senate Select Committee on Intelligence, which held a hearing on the SolarWinds attacks last week, claiming that there is more security in the cloud than in on-premises servers, have met a tough response from former NSA hacker Jake Williams, who characterised them as having caused more harm to security than the SolarWinds attackers did in the first place. Williams, a well-known figure in the infosec community who runs his own private security outfit, Rendition Infosec, said in a tweet: "I've been thinking a LOT about Brad Smith's testimony this week about #SolariGate. He repeatedly implies that if organisations 'just' adopt a cloud first model, they won't experience these sorts of attacks. I called that reckless then, I'm doubling down now." [...] The SolarWinds attacks were first revealed by the American security firm FireEye on 9 December, when it revealed that its Red Team tools had been stolen. Five days later, FireEye issued a blog post outlining the scale of the attack as known at that stage: a global campaign to compromise public and private sector bodies through corruption of software supply chains, using software that runs on Windows. FireEye chief Kevin Mandia also gave testimony to the same committee hearing. Williams said Smith should have offered more nuance and caveats in his statements. "With his statements that lacked appropriate nuance and caveats, I predict that Smith has caused more harm to security than the Russians did with #SolariGate in the first place," he said. "Yes, I know that's a strong statement. Yes, I mean it." He added: "A lot of leadership who don't know any better heard this testimony and are constructing cloud-first directives as I type this. But they're doing it without understanding the risks and trade-offs. They're doing this without the benefit of creating a strategy first." Microsoft has made a number of statements since the attack first came to light, initially denying its products were part of the problem, but later admitting that the attackers had accessed its source code.

The World Economic Forum Warns That 2021 Could Be The Year Of The CyberAttacks

Klaus Schwab, founder of the World Economic Forum and author of the book "COVID19: The Great Reset", has repeatedly warned about the possibility of devastating large-scale cyberattacks. One of his firmest warnings was given in a heartwarming speech at the WEF-sponsored Cyber Polygon event on July 24th, 2020. The World Economic Forum Centre for Cybersecurity expects the total cost of cyberattacks this year to be $6 trillion. [...] Running up-to-date free software based solutions such as Linux and *BSD is a good preventative measure against real cyberattacks. It will, sadly, not do much difference if a government decides to cut power or Internet access as part of a global "Great Reset" agenda or because inconvenient mass-demonstrations break out.

Switching back to OpenSSL

               

For most users, there should be no noticeable change. If you have any packages installed that are no longer provided by Void, or your system has explicit dependencies on LibreSSL, you will of course need to take action to ensure your system continues to function after the switch.

Microsoft patches serious NTFS drive corruption flaw in Windows 10... but there's a catch

Around a month and a half ago we reported about a serious flaw in Windows 10 that could be exploited to corrupt the contents of an NTFS drive. With Microsoft dawdling in its response, it was down to security researchers from OSR to produce a third-party patch. But now Microsoft has stepped up to the plate and, finally, come up with an official fix for the flaw. Sadly, it's not all good news as the fix is not currently available for everyone.