An appeal to all website creators (and maybe to browser makers too) - *please* don't add "convenient" single-letter keyboard shortcuts to your websites. Someone, usually me, *will* accidentally trigger like five or seven of these at a time trying to type into something totally different, causing your website to freak *out* and do all sorts of interesting things. For instance, typing `git pull` into YouTube will cause the currently playing video to go into picture-in-picture mode, pause it, and fast-forward five or ten seconds.
#Ventoy Security Concerns (please boost for visibility)
Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, has not been corrected, and has even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.
Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. https://github.com/ventoy/Ventoy/issues/2795
Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of https://www.youtube.com/watch?v=QiSXClZauXA&t=3s
If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (https://www.iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.
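One way to inventory opaque files in a source tree before trusting it, as an added example (not part of the original post and not Ventoy's code). The magic-byte list, the NUL-byte heuristic, and the sample tree are assumptions constructed for illustration; the output is a list of paths, detected formats, and SHA-256 digests that can be compared against what the build scripts are able to regenerate from source.

```python
import hashlib
import os
import tempfile

# Leading magic bytes of common opaque formats (illustrative, not exhaustive).
MAGIC = [(b"\x7fELF", "elf"), (b"MZ", "pe"), (b"\xfd7zXZ\x00", "xz"),
         (b"\x1f\x8b", "gzip"), (b"PK\x03\x04", "zip")]

def classify(head: bytes):
    """Return a blob kind for the first bytes of a file, or None for text."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    # A NUL byte in the first block is a cheap "not text" heuristic.
    return "unknown-binary" if b"\x00" in head else None

def find_blobs(root: str):
    """List (relative path, kind, sha256) for every non-text file under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = classify(data[:4096])
            if kind:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                found.append((rel, kind, hashlib.sha256(data).hexdigest()))
    return sorted(found)

def build_sample_tree(root: str):
    """Constructed sample tree: one source file and two opaque files."""
    files = {
        "src/main.c": b"int main(void) { return 0; }\n",
        "tools/helper": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,  # ELF header stub
        "data/payload.xz": b"\xfd7zXZ\x00\x00\x04",  # xz stream header stub
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind, digest in find_blobs(tmp):
            print(f"{kind:15} {digest[:16]}  {rel}")
```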
The other day I was watching a video with Jordan Peterson in it. If you've ever listened to him, you know that he uses moderately strong expletives every so often while talking. This time though, as he was breaking down a problem, he went to say something about people who live only for temporary pleasure, and just when I thought he was about to use an expletive, he slowed down a bit, and then carefully and thoughtfully described exactly why living only for temporary pleasure is harmful. What he ended up saying was far more insightful and helpful than what I thought he was going to say.
This made me realize one of the core reasons why expletives are harmful. They use a mentally jarring term to gloss over an actual problem. I can say that someone treated me like poop, or I can say what they actually did to me. The latter is far more powerful, honest, and helps people understand what's wrong with something. The former doesn't even give whoever you're talking to a general idea of what's happening. All they know is that you perceived it as negative - they have no idea if that perception is reasonable, what actually happened, or what they should do in response.
Welp, I'm on a roll tonight. First I installed #Haiku (a BeOS clone) without fully wiping the old Debian installation off the disk, so that didn't work, then I did a proper install... and forgot to mark the partition as active. 🤦 I may or may not emerge with a working install by the end of the night if this keeps up :P
And of course the first thing I had to do after getting the OS installed was try to install Wine on it, followed by a Windows application. So... will report back if I come out alive.
Wow. So despite the fact that my Windows app didn't quite work, so many things *did* work:
* Touchpad, keyboard, SSD, video, USB, all functioning well
* Installer was lightning-fast
* Ethernet worked out of the box
* Built-in web browser (WebPositive) is actually *really* good for being a non-standard browser
* 1 GB of RAM is *just* enough to render a single GitHub tab in WebPositive
* Also was able to browse YouTube although I couldn't watch anything in the browser
* yt-dlp's platform-independent executable worked just fine (I had installed youtube-dl from the repos which didn't work, but it pulled in the right deps for yt-dlp it seems)
* MediaPlayer was able to play the video I downloaded *really smoothly*
* Speakers worked
* IRC works
I'm impressed. Very impressed. I had no clue a "hobby OS" like this could be this far along.
I did hit some hiccups:
* Boxedwine got stuck forever trying to launch any Windows app, and was then impossible to close
* Trying to shutdown or reboot the system always hangs the entire OS (thankfully it seems to be just a nuisance, I can force-shutdown at that point and it seems I suffer no severe consequences for doing so)
* Drive partitioner's UI could be better, I ended up botching my install twice in a row because of that
* MediaPlayer is *very* sensitive to clicks, I accidentally restarted my video several times because of that since tap-to-click was working on my touchpad :P
* Lots of keyboard shortcuts I'm used to from other OSes and DEs don't work (Alt+Tab, Alt+F4, Ctrl-Alt-T, and I even had some trouble with Ctrl-A and Ctrl-C though those may have been keyboard-induced user error because this old laptop has the Control key in a funky spot)
All in all though, very good OS. And I may try to determine the source of the lockup-on-shutdown issue and fix it if I can.
PSA: Yes, Ubuntu 24.04 is released, No, you cannot do-release-upgrade 22.04 to 24.04 normally yet. Ubuntu intentionally does not allow 22.04-to-24.04 upgrades by default until 24.04.1 is released. That gives us Ubuntu Developers time to fix a few more bugs and let things get stabilized better.
@golemwire I used it for a while and it was really awesome. It was awesome enough that for a decent while I had my KDE session set up to look and feel quite similar. That was *the most* efficient and enjoyable desktop experience I think I've ever used, and I may go back to it. In fact, I think I'm going to have to now that I've written this :P
@mdhughes @aral The FOSS devs oftentimes use GPL and are perfectly happy to introduce GPLv2+ code, and the indie devs can use GPL code too and even sell their software as long as they also give source and GPL rights as required. Ardour does this and it works pretty well for them.
I will say, though, whatever GPL version you choose, please, I beg of you, add the "or any later version" clause or you give license auditors and devs a headache. I have had some interesting messes to untangle because of the lack of "or any later version" clauses when trying to piece together a program.
@fuat2mb I'm not vegan, but this is a severely flawed argument from a logical perspective. By the same logic, if God didn't want us to hit people, He wouldn't have made it so satisfying to punch someone you're mad at. I'm sure you can see the obvious flaw here - the fact that punching someone you're mad at is satisfying doesn't mean that it's sanctioned by God. "I enjoy it" is not the magical go-ahead for anything.
The reverse also isn't true - the fact that we enjoy something doesn't necessarily make it sinful either. People ate meat in the OT and it was perfectly fine. Therefore the enjoyableness of an activity does not dictate whether it is morally acceptable or not.
Text is one of the most fundamental things people work with when using a computer. Yet there's a lot more to text than meets the eye - text encodings, codepages, scancodes, font hinting and kerning, complex script handling, endianness, OS-dependent line endings, extended ASCII for drawing "pictures" in text, control "characters", etc., etc. I'd have to learn a fair bit in order to make a good article on it, but should I try and write an article on what a computer's idea of "text" is and the history behind it?
The complexity of markup processors never ceases to give me a headache. I mean, seriously, markup languages are one of those things that look like a decent mix of human-readable and machine-readable when you're writing them, and then quickly turn into a total mess when you try to parse them.
Anyone know of a decent diff3 resolution tool? I have a file that has diff3 markers showing how two files diverge from a common base, but the sections that are marked as diverging are LOOOOONG and it's very unwieldy to view in Vim. It would be awesome if there's some sort of tool (GUI or CLI, I don't care) that would show me just the part of the file that is common to both "branches" in one pane, then show me where the diverging parts are and what their contents are in two additional panes (both separate from the main one), preferably with the ability to diff the two "versions" of the diverging file sections with each other. My Google-fu is failing me while hunting for a tool like this.
I may have to write something like this myself if it doesn't exist yet.
If you're writing open-source software, please do yourself and other software developers a favor and familiarize yourself with how software licensing works. As an Ubuntu Developer, much of my work involves auditing the source code licensing of various applications. Most of these applications have miserably complicated licensing situations, sometimes with licensing violations involved. I also occasionally run into licensing or copyright terms that an author probably didn't intend to specify, but that they did specify unambiguously nonetheless.
For instance, did you know that if you state that a file is "under the GPL license" without specifying what version, that means that the user of your file can use it under *any* version of the GPL they want to? Look at GPLv1 Section 7, GPLv2 Section 9, and GPLv3 Section 14 if you don't believe me. I found a file written in 2017 with these licensing terms. Did the author *mean* to do this? Probably not, they probably wanted to use GPLv3 (or maybe GPLv2). But since they didn't specify a version, I'm within my legal right to use this code under GPLv1's terms if I care to. I'm not going to do that since I have no interest in using this file for anything, but it goes to show you how a slip-up in your licensing specification can cause people to have rights or be free of restrictions you didn't want to give them or let them be free from.
Another (very very common) slip-up is for most of the source code in a repository to have license headers specifying GPLv2 *or later*, but with no repository-wide license specified in an AUTHORS or README file, and with a GPLv2 license in a LICENSE or COPYING file. What you probably *think* this does is license your program under GPLv2 or later, but what it *actually* does is give you a messy mixed-licensing situation with some files licensed GPLv2 only and some files licensed GPLv2 or later. Why? Because the default repository-wide license is GPLv2 as set by the LICENSE or COPYING file, and all of the headers that specify GPLv2 or later are overriding that default license.
You may think, "Why can't someone just infer that because most of the files are GPLv2 or later, that all of them are?" Great question! There are two answers. One, if you unambiguously specify something you didn't mean to specify, whatever you specified is what's legally binding. There's not room for "well that's what I said, but what I meant was..." in licensing. Secondly, many projects *actually use multiple licenses in one project* (for instance you'll have GPL, BSD-2-Clause, BSD-3-Clause, and MIT licenses all in one application). So how does one know if you just "accidentally" specified the wrong license, or if you meant to make a mixed-license application? They can't determine your intent with 100% certainty, so they have to obey what you said, *not* what you meant to say.
I am not a lawyer and this is not legal advice. This is just advice on how to help keep software developers from having headaches and problems reusing code.
👋 I'm a Christian computer programmer and Linux enthusiast. I love Bible studies, religious debate and discussion, and Christian music. I'm currently a Lubuntu Developer and Ubuntu Community Council Member, I maintain SWORD, Xiphos, and BibleTime for Fedora Linux, and I sometimes help with the development of theWord Bible Software.