Notices by Sergey Bugaev (bugaevc@floss.social)

What systems developers want:

🤷 algebraic data types
🤷 trait-based generics
🤷 Hindley–Milner type system
❌ npm-style package ecosystem
❌ language-specific build system

✅ shared libraries, dynamic linking
✅ stable, well-defined ABI
✅ precise control over symbols (exports, versioning, visibility, relocations)
✅ seamless FFI with C and C++

(time for another rust shitpost 🙃)

When packaging and using an app, I don't particularly care whether the developer had access to "associated type constructors" or "unboxed closures" or "if-let chains" when they were writing the app.

I do care if the build takes 30 minutes instead of 30 seconds, if the binary sizes are 10x of what's expected and reasonable, if the app vendors and bundles an ungodly number of random libraries with questionable origins & supply chains.

Replaced OpenRC with systemd, now my phone no longer boots

👌

this-is-fine.service

$ pldd 93455
93455: /usr/bin/sshd
linux-vdso.so.1
/lib64/libcrypto.so.3
/lib64/libz.so.1
/lib64/libc.so.6
/lib64/ld-linux-x86-64.so.2

look ma, no libsystemd, no libxz (and yet Type=notify).

@brooke "worse eff ess"

"zero-knowledge proof" is what happens when I manage to prove a statement in Lean by repeatedly applying standard tactics without having any actual understanding of the problem domain

@JCWasmx86 addauth

@lanodan @Conan_Kudo and F42 is not even in beta yet, so it makes sense

friendship ended with Agda, now Lean is my best friend

@mjg59 I'm sure you do understand remote attestation 🙂 (a huge lot better than I do anyway)

But your recent post doesn't mention it, and instead takes apart a weird argument that it's the TPM itself which does the decoding (rather than releasing the secret material that is then used for key negotiation / decoding). Whereas I was indeed expecting you to explain how this is tied in with remote attestation, and how evil (or not?) that is, and why FSF is wrong about that, if they are.

@mjg59 thanks

1. Is it just a matter of time before media streaming starts to require remote attestation via TPM? Or are there fundamental reasons for why the companies don't actually want that? It seems attractive to verify & require that the device runs a stock non-jailbroken version of iOS for example.

@mjg59
2. Assuming the threat model is: someone with complete physical access to a laptop trying to fool remote attestation into falsely passing — is it true that it's possible to intercept on-board communications between the TPM and the other components (CPU? RAM?), and feed false data into the TPM (pretending to be running stock software) to get it to release the secret material?

@matt hey, I saw the GTK AccessKit branch was merged, but there hasn't been any updates or GitLab activity from you in a while. Is Newton still happening?

PSA: If you're writing a GTK widget that uses floating-point math to convert between its own size and its child size — perhaps multiplying/dividing by a scale, like GtkRevealer does, or lerp + ease, like AdwClamp does,

you MUST use ceil() when converting from the child's size to the container size, and floor() when converting the other way. This is the only working combination.

I have discovered a truly marvelous proof of this, which this toot is too short to contain.

#gtk

New week, new round of wrestling again GTK layout

@brooke

Beginners' All-purpose Symbolic Instruction Code
vs
COMputer Programming Language for EXperts

And now I hacked up Pango to:
1. finally do per-layout limits on the number of lines (instead of per-paragraph, which makes no sense),
2. do a better job ellipsizing the last line even when the line itself fits, but there are further lines that don't (due the the height limit or line number limit) — this still needs more polish, but it works somewhat,
3. and to finally have a proper way to disable wrapping, PANGO_WRAP_NONE (wanna guess how Gtk.Label.set_wrap (false) was working until now?)
#gtk

Oh my freaking god, Tuba on my branch… just works now? With no warnings or criticals, and no broken layout?

This is a port to Adw.WrapBox (kindly made by @GeopJr), with fixes to Adw.WrapBox and further reworking of Gtk.Box (and Gtk.Window).

#GTK

@janneke amazing!

@goku12 almost every time a news item about gccrs is posted, the comments on r/rust, HN, and even LWN and overwhelmingly negative.

"essentially apologize and explain themselves" refers to their recent guest blog post in the official Rust blog, where they rebuff common criticisms and try to convince you that they're not out to harm the Rust ecosystem https://blog.rust-lang.org/2024/11/07/gccrs-an-alternative-compiler-for-rust.html