Notices by Sergey Bugaev (bugaevc@floss.social)

@lanodan @Conan_Kudo and F42 is not even in beta yet, so it makes sense

friendship ended with Agda, now Lean is my best friend

@mjg59 I'm sure you do understand remote attestation 🙂 (a huge lot better than I do anyway)

But your recent post doesn't mention it, and instead takes apart a weird argument that it's the TPM itself which does the decoding (rather than releasing the secret material that is then used for key negotiation / decoding). Whereas I was indeed expecting you to explain how this is tied in with remote attestation, and how evil (or not?) that is, and why FSF is wrong about that, if they are.

@mjg59 thanks

1. Is it just a matter of time before media streaming starts to require remote attestation via TPM? Or are there fundamental reasons for why the companies don't actually want that? It seems attractive to verify & require that the device runs a stock non-jailbroken version of iOS for example.

@mjg59
2. Assuming the threat model is: someone with complete physical access to a laptop trying to fool remote attestation into falsely passing — is it true that it's possible to intercept on-board communications between the TPM and the other components (CPU? RAM?), and feed false data into the TPM (pretending to be running stock software) to get it to release the secret material?

@matt hey, I saw the GTK AccessKit branch was merged, but there hasn't been any updates or GitLab activity from you in a while. Is Newton still happening?

PSA: If you're writing a GTK widget that uses floating-point math to convert between its own size and its child size — perhaps multiplying/dividing by a scale, like GtkRevealer does, or lerp + ease, like AdwClamp does,

you MUST use ceil() when converting from the child's size to the container size, and floor() when converting the other way. This is the only working combination.

I have discovered a truly marvelous proof of this, which this toot is too short to contain.

#gtk

New week, new round of wrestling again GTK layout

@brooke

Beginners' All-purpose Symbolic Instruction Code
vs
COMputer Programming Language for EXperts

And now I hacked up Pango to:
1. finally do per-layout limits on the number of lines (instead of per-paragraph, which makes no sense),
2. do a better job ellipsizing the last line even when the line itself fits, but there are further lines that don't (due the the height limit or line number limit) — this still needs more polish, but it works somewhat,
3. and to finally have a proper way to disable wrapping, PANGO_WRAP_NONE (wanna guess how Gtk.Label.set_wrap (false) was working until now?)
#gtk

Oh my freaking god, Tuba on my branch… just works now? With no warnings or criticals, and no broken layout?

This is a port to Adw.WrapBox (kindly made by @GeopJr), with fixes to Adw.WrapBox and further reworking of Gtk.Box (and Gtk.Window).

#GTK

@janneke amazing!

@goku12 almost every time a news item about gccrs is posted, the comments on r/rust, HN, and even LWN and overwhelmingly negative.

"essentially apologize and explain themselves" refers to their recent guest blog post in the official Rust blog, where they rebuff common criticisms and try to convince you that they're not out to harm the Rust ecosystem https://blog.rust-lang.org/2024/11/07/gccrs-an-alternative-compiler-for-rust.html

@goku12 here's a comment on r/rust by one of the gccrs devs about how un-welcome that makes them feel https://www.reddit.com/r/rust/comments/12y85ww/comment/jhrqz72

It's beyond ridiculous that instead of receiving gratitude, cheers, encouragement, and support (both moral and financial), #GCC #Rust developers have to essentially apologize and explain themselves in order not be judged by the Rust community.

Imagine you come across a small but somewhat useful piece of software, written in C or C++, built using a typical buildsystem like Meson or straightforward Make. There aren't any unreasonable dependencies or version requirements either.

Think something like scdoc.

But, there's a Dockerfile in the repo (starting FROM an outdated ubuntu image, naturally), all the build instructions prominently recommend doing the build in Docker, ...

1/3

...and all the usage instructions just as prominently recommend using a pre-built Docker image provided by them.

Should you file a bug report, where all signs point to a rather obvious issue in their code, and happen to mention that you weren't in fact using Docker, but just built the software in the natural & straightforward way, the maintainers close the report, saying that non-Docker builds are unsupported, ...

2/3

since they don't have the capacity nor the desire to support the multitude of differing environments & distros.

Finally, upon startup, the software checks to see if it's running inside Docker, and prints a loud & annoying warning about an unsupported configuration otherwise.

3/3

@brooke rather, of gender source, which GPL defines as "preferred form of the work for making modifications" 😉

GNU #Mach on AArch64 now boots up and runs a simple userspace hello world on ✨ real hardware ✨ , booted from U-Boot! 🎉

Kudos to Manolo De Medici for testing & helping track down issues!

If you want to help with Mach / #Hurd on AArch64 and know anything about writing drivers and/or have an AArch64 board, please get in touch :)