Status update, December 2021

Greetings! It has been a cold and wet month here in Amsterdam, much like the rest of them, as another period of FOSS progress rolls on by. I have been taking it a little bit easier this month, and may continue to take some time off in the coming weeks, so I can have a bit of a rest for the holidays. However, I do have some progress to report, so let’s get to it.

In programming language progress, we’ve continued to see improvement in cryptography, with more AES cipher modes and initial work on AES-NI support for Intel processors, as well as support for HMAC and...

Impressions of Linux Mint & elementary OS

In a recent post, I spoke about some things that Linux distros need to do better to accommodate end-users. I was reminded that there are some Linux distros which are, at least to some extent, following my recommended playbook, and have been re-evaluating two of them over the past couple of weeks: Linux Mint and elementary OS. I installed these on one of my laptops and used it as my daily driver for a day or two each.

Both of these distributions are similar in a few ways. For one, both distros required zero printer configuration: it just worked. I was very impressed with this. Both distros are...

Stack-based buffer overflow vulnerability in UDP packet handling in Toxcore (CVE-2021-44847)

A stack-based buffer overflow vulnerability was discovered in Toxcore’s networking code that allows a remote attacker to crash the Toxcore process or potentially execute arbitrary code by sending a specially crafted packet. The vulnerability was assigned CVE-2021-44847 identifier.

All users of Toxcore that don’t have UDP disabled are affected. An attacker, knowing the target’s DHT public key, IP and port, can easily craft a packet exploiting the vulnerability. DHT public key, IP and port are all public information, publicly available on the DHT, so an attacker can target any and all Toxcore users by scraping this information from the DHT. This...

What desktop Linux needs to succeed in the mainstream

The Linus Tech Tips YouTube channel has been putting out a series of videos called the Switching to Linux Challenge that has been causing a bit of a stir in the Linux community. I’ve been keeping an eye on these developments, and thought it was a good time to weigh in with my thoughts. This article focuses on what Linux needs to do better — I have also written a companion article, “How new Linux users can increase their odds of success”, which looks at the other side of the problem.

Linux is not accessible to the average user today, and I didn’t need to watch these videos...

How new Linux users can increase their odds of success

The Linus Tech Tips YouTube channel has been putting out a series of videos called the Switching to Linux Challenge that has been causing a bit of a stir in the Linux community. I’ve been keeping an eye on these developments, and thought it was a good time to weigh in with my thoughts. This article focuses on how new Linux users can increase their odds for success — I have also written a companion article, “What desktop Linux needs to succeed in the mainstream”, which looks at the other side of the problem.

Linux is, strictly speaking, an operating system kernel, which is a small component of...

How to download private Facebook videos

postmarketOS revolutionizes smartphone hacking

I briefly mentioned postmarketOS in my Pinephone review two years ago, but after getting my Dutch SIM card set up in my Pinephone and having another go at using postmarketOS, I reckon they deserve special attention.

Let’s first consider the kind of ecosystem into which postmarketOS emerged: smartphone hacking in the XDA Forums era. This era was dominated by amateur hackers working independently for personal prestige, with little to no regard for the values of free software or collaboration. It was common to see hacked-together binary images shipped behind adfly links in XDA forum threads in blatant disregard of the GPL, with pages and pages of users asking...

My philosophy for productive instant messaging

We use Internet Relay Chat (IRC) extensively at sourcehut for real-time group chats and one-on-one messaging. The IRC protocol is quite familiar to hackers, who have been using it since the late 80’s. As chat rooms have become more and more popular among teams of both hackers and non-hackers in recent years, I would like to offer a few bites of greybeard wisdom to those trying to figure out how to effectively use instant messaging for their own work.

For me, IRC is a vital communication tool, but many users of <insert current instant messaging software fad here>1 find it frustrating, often to the point of resenting the fact...

Python: Please stop screwing over Linux distros

Linux distributions? Oh, those things we use to bootstrap our Docker containers? Yeah, those are annoying. What were you complaining about again?

The Python community is obsessed with reinventing the wheel, over and over and over and over and over and over again. distutils, setuptools, pip, pipenv, tox, flit, conda, poetry, virtualenv, requirements.txt, setup.py, setup.cfg, pyproject.toml… I honestly can’t even list all of the things you have to deal with. It’s a disaster.

This comic is almost 4 years old and it has become much worse since. Python is a mess. I really want to like Python. I have used it for many years and in many projects, including...

I will pay you cash to delete your npm module

npm’s culture presents a major problem for global software security. It’s grossly irresponsible to let dependency trees grow to thousands of dependencies, from vendors you may have never heard of and likely have not critically evaluated, to solve trivial tasks which could have been done from scratch in mere seconds, or, if properly considered, might not even be needed in the first place.

We need to figure out a way to curb this reckless behavior, but how?

I have an idea. Remember left-pad? That needs to happen more often.

I’ll pay you cold hard cash to delete your npm module. The exact amount will be determined on this equation,...