This week in Plasma: hardware is hard
cross-posted from: https://social.opendesktop.org/users/thisweekinkde/statuses/113332629027504589
> This week in Plasma: hardware is hard
>
> https://pointieststick.com/2024/10/18/this-week-in-plasma-hardware-is-hard/
>
> \#KDE #Plasma #KDEPlasma #Linux #FOSS #OpenSource
This Week in KDE Apps
cross-posted from: https://social.opendesktop.org/users/thisweekinkde_apps/statuses/113340776757238911
> This Week in KDE Apps
>
> https://blogs.kde.org/2024/10/20/this-week-in-kde-apps/
>
> \#KDE #KDEApps #Linux #FOSS #OpenSource
"This Week in KDE Apps" is out!
cross-posted from: https://floss.social/users/kde/statuses/113301163552358501
> "This Week in KDE Apps" is out!
>
> In this week's episode we enhanced the accessibility of a bunch of our most popular apps; released new versions of KleverNotes, KPhotoAlbum; and improved the performance and usability of KDE Connect, Kate, Konqueror, @tokodon and more.
>
> https://blogs.kde.org/2024/10/13/this-week-in-kde-apps/
New Human Interface Guidelines
Today I’d like to share a new set of Human Interface Guidelines (HIG) for KDE’s software that I’ve written, replacing the old one. This work was done over the past several months …
Lemmy Safety now supports cleaning local pict-rs storage from CSAM
cross-posted from: https://lemmy.dbzer0.com/post/3076577
> I posted the other day that you can clean up your object storage from CSAM using my AI-based tool. Many people expressed the wish to use it on their local file storage-based pict-rs. So I've just extended its functionality to allow exactly that.
>
> The new lemmy_safety_local_storage.py will go through your pict-rs volume in the filesystem and scan each image for CSAM, and delete it. The requirements are
>
> * A Linux account with read-write access to the volume files
> * A private key authentication for that account
>
> As my main instance is using object storage, my testing is limited to my dev instance, and there it all looks OK to me. But do run it with --dry_run if you're worried. You can delete lemmy_safety.db and rerun to enforce the delete after (method to utilize the --dry_run results coming soon)
>
> PS: if you were using the object storage cleanup, that script has been renamed to lemmy_safety_object_storage.py
This week in KDE brings new (https://floss.social/tags/Plasma6) features, like changes to the sound theme and when sounds are played, you can now change your active power profile, and log in
cross-posted from: https://floss.social/users/kde/statuses/110757339124363899
> This week in KDE brings new #Plasma6 features, like changes to the sound theme and when sounds are played, you can now change your active power profile, and log in easier to captive portal pages (like those found at hotels and airports).
> Much more at
>
> https://pointieststick.com/2023/07/21/this-week-in-kde-plasma-6-features/
Proxmox Backup Server 3.0 available
cross-posted from: https://lemmy.world/post/935508
> cross-posted from: https://lemmy.zell-mbc.com/post/1393
>
> > Proxmox Backup Server 3.0 available
> >
> > It's based on Debian 12 "Bookworm", but uses the newer Linux kernel 6.2, and includes ZFS 2.1.12.
> >
> > * Debian 12, with a newer Linux kernel 6.2
> > * ZFS 2.1.12
> > * Additional text-based user interface (TUI) for the installer ISO
> > * Many improvements for tape handling
> > * Sync jobs: “transfer-last” parameter for more flexibility
> >
> > Release notes
> > https://pbs.proxmox.com/wiki/index.php/Roadmap
> >
> > Press release
> > https://www.proxmox.com/en/news/press-releases/
On the paper “Exploring the MIT Mathematics and EECS Curriculum Using LLMs”
https://people.csail.mit.edu/asolar/CoursesPaperStatement.pdf
Lemmy v0.18.0 Release
cross-posted from: https://beehaw.org/post/723906
> cross-posted from: https://lemmy.ml/post/1465740
>
> > ## What is Lemmy?
> >
> > Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.
> >
> > ## Major Changes
> >
> > ### HTTP API instead of Websocket
> >
> > Until now Lemmy-UI used websocket for all API requests. This has many disadvantages, like making the code harder to maintain, and causing live updates to the site which many users dislike. Most importantly, it requires keeping a connection open between server and client at all times, which causes increased load and makes scaling difficult. That's why we decided to rip out websocket entirely, and switch to HTTP instead. This change was made much more urgent by the sudden influx of new users. @CannotSleep420 and @dessalines have been working hard for the past weeks to implement this change in lemmy-ui.
> >
> > HTTP on its own is already more lightweight than websocket. Additionally it also allows for caching of server responses which can decrease load on the database. Here is an experimental nginx config which enables response caching. Note that Lemmy doesn't send any cache-control headers yet, so there is a chance that private data gets cached and served to other users. Test carefully and use at your own risk.
> >
> > ### Two-Factor Authentication
> >
> > New support for two-factor authentication. Use an app like andOTP or [Authenticator Pro](https://f-droid.org/packages/me.jmh.authenticatorpro/) to store a secret for your account. This secret needs to be entered every time you log in. It ensures that an attacker can't access your account with the password alone.
> >
> > ### Custom Emojis
> >
> > Instance admins can add different images as emojis which can be referenced by users when posting.
> >
> > ### Other changes
> >
> > #### Progressive Web App
> >
> > Lemmy's web client can now be installed on browsers that support PWAs, both on desktop and mobile. It will use an instance's icon and name for the app if they are set, making it look like a given instance is an app.
> >
> > Note for desktop Firefox users: the desktop version of Firefox does not have built-in support for PWAs. If you would like to use a Lemmy instance as a PWA, use this extension.
> >
> > #### Error Pages
> >
> > Lemmy's web client now has error pages that include resources to use if the problem persists. This should be much less jarring for users than displaying a white screen with the text "404 error message here".
> >
> > #### Route Changes
> >
> > Pages that took arguments in the route now take query parameters instead. For example, a link to lemmy.ml's home page with a few options used to look like this:
> >
> > > https://lemmy.ml/home/data_type/Post/listing_type/All/sort/Active/page/1
> >
> > The new route would look like this:
> >
> > > https://lemmy.ml?listingType=All
> >
> > Note that you now only have to specify parameters you want instead of all of them.
> >
> > #### Searchable select redesign
> > The searchable selects, such as those used on the search page, have a new look and feel. No more inexplicable green selects when using the lightly themes!
> >
> > #### Share button
> >
> > Posts on the web client now have a share button on supported browsers. This can be used to share posts to other applications quickly and easily.
> >
> > #### Lemmy-UI Overall look and feel
> >
> > lemmy-ui is now upgraded to bootstrap 5, and every component is now much cleaner.
> >
> > Special thanks to sleepless, alectrocute, jsit, and many others for their great work on improving and re-organizing lemmy-ui.
> >
> > #### Database optimizations
> >
> > Special thanks to johanndt, for suggesting improvements to Lemmy's database queries. Some of these suggestions have already been implemented, and more are on the way.
> >
> > Query speed is Lemmy's main performance bottleneck, so we really appreciate any help database experts can provide.
> >
> > #### Captchas
> >
> > Captchas are not available in this version, as they need to be reimplemented in a different way. They will be back in 0.18.1, so wait with upgrading if you rely on them.
> >
> > ## Upgrade instructions
> >
> > Follow the upgrade instructions for ansible or docker.
> >
> > If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.
> >
> > ## Support development
> >
> > We (@dessalines and @nutomic) have been working full-time on Lemmy for almost three years. This is largely thanks to support from NLnet foundation.
> >
> > If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they've proven to be the only way that open-source software like Lemmy can stay independent and alive.
> >
Uh...
Enpass is a freemium password manager and
From Wikipedia.
So you switched to a proprietary password manager?
Also:
The Enpass app retains no user data on its company servers,[6][7] instead storing and syncing encrypted password vaults on storage controlled by the end user.
How is this different than keepass/xc, a fully foss solution?
Best to switch to Firefox anyways, or even better privacy enhanced LibreWolf
This project is a custom and independent version of Firefox, with the primary goals of privacy, security and user freedom. LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.
Don't let your dreams be dreams, friend.
Github: Windows XP All Editions Universal Product Keys Collection
There have also been some concerns about Playtron being a crypto/web3 project. While the first partner to ship Playtron powered devices, Sui, is a web3 company, Playtron itself is not. It’s a vendor neutral solution to anyone who wishes to make Linux powered game consoles whether it’s a web3 company, a hardware manufacturer or just someone who wants to re-purpose an old build as a living room console.
Because he says they talked about crypto I had to go through to see what it was talking about. But it wasn't dumb.
@Strit Happy Birthday :-)
I keep it installed for the odd site that requires it and because Firefox still doesn't support WebSerial.
The comment about waiting until there's twitter drama to fix something is spot on. It took them a few days to fix this and it could've saved them the bad publicity for such an obvious fix.
Others have been asking for a password prompt for years too. Using the local keychain is good, though a user-defined password is a good option too. However, many people have terrible opsec and would probably opt for horribly weak passwords.
At least something has finally been done.
This is the best summary I could come up with:
More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said.
Tracked as CVE-2024-39929 and carrying a severity rating of 9.1 out of 10, the vulnerability makes it trivial for threat actors to bypass protections that normally prevent the sending of attachments that install apps or execute code.
“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site.
More than 1.5 million of the Exim servers, or roughly 31 percent, are running a vulnerable version of the open source mail app.
Threat actors can exploit it to bypass extension blocking and deliver executable attachments in emails sent to end users.
Given the requirement that end users must click on an attached executable for the attack to work, this Exim vulnerability isn’t as serious as the one that was exploited starting in 2019.
The original article contains 294 words, the summary contains 148 words. Saved 50%. I'm a bot and I'm open source!
@leo Well, which one doesn't at this rate... Still waiting on OpenRecall to actually do something about encrypting its internal memory in some way.
This is the best summary I could come up with:
OpenAI announced its Mac desktop app for ChatGPT with a lot of fanfare a few weeks ago, but it turns out it had a rather serious security issue: user chats were stored in plain text, where any bad actor could find them if they gained access to your machine.
As Threads user Pedro José Pereira Vieito noted earlier this week, "the OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in plain-text in a non-protected location," meaning "any other running app / process / malware can read all your ChatGPT conversations without any permission prompt."
OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses.
OpenAI has now updated the app, and the local chats are now encrypted, though they are still not sandboxed.
It's not a great look for OpenAI, which recently entered into a partnership with Apple to offer chat bot services built into Siri queries in Apple operating systems.
Apple detailed some of the security around those queries at WWDC last month, though, and they're more stringent than what OpenAI did (or to be more precise, didn't do) with its Mac app, which is a separate initiative from the partnership.
The original article contains 291 words, the summary contains 211 words. Saved 27%. I'm a bot and I'm open source!
This is the best summary I could come up with:
We’ve spent the past week and a half testing seven Copilot Plus PCs, representing all four Snapdragon X chips, against a slate of similar laptops running Apple Silicon, Intel Core Ultra, and AMD Ryzen processors.
Microsoft automatically enables Auto SR (its own version of Nvidia’s DLSS or AMD’s FSR, which increase frame rates by dropping the in-game resolution and then upscaling with AI) on a short list of games, which includes The Witcher 3 and Control.
In other games that are supposed to be optimized for Windows on Arm, like Control and Borderlands 3, turning on ASR degraded the visual quality with distracting flickering lines on or around fine details like mesh screens and hair.
In Tom’s testing, the Microsoft Surface Laptop with the Snapdragon X Plus CPU lasted about seven hours with the brightness set to 100 percent while being pushed with all sorts of tasks like downloading games from Steam and taking video calls.
They feature nearly everything most other laptops in that price range do: beautiful OLED displays; high storage capacity; long battery life; fast processors; metal chassis; and in some cases, the latest Wi-Fi 7 adapter.
And now that every major Windows laptop manufacturer has at least one Snapdragon X-based machine, there should finally be enough of an install base to entice developers at large to create native Arm64 versions of their apps, which will make these an easier sell.
The original article contains 2,946 words, the summary contains 234 words. Saved 92%. I'm a bot and I'm open source!
This is the best summary I could come up with:
As part of the memory management changes expected to be merged for the upcoming Linux 6.11 cycle is allowing more fine-tuned control over the swappiness setting used to determine how aggressively pages are swapped out of physical system memory and into the on-disk swap space.
This effectively allows finer-grained control over the swappiness behavior without overriding the global swappiness setting.
Dan Schatzberg of Meta explains in the patch adding swappiness= support to memory.reclaim: Allow proactive reclaimers to submit an additional swappiness=[val] argument to memory.reclaim.
However, proactive reclaim runs continuously and so its impact on SSD write endurance is more significant.
Therefore, it's desirable to have proactive reclaim reduce or stop swap-out before the threshold at which OOM killing occurs.
This has been in production for nearly two years and has addressed our needs to control proactive vs reactive reclaim behavior but is still not ideal for a number of reasons:
The original article contains 474 words, the summary contains 151 words. Saved 68%. I'm a bot and I'm open source!
This is the best summary I could come up with:
The Raspberry Pi Foundation has released Raspberry Pi OS 2024-07-04 as the newest update to this default operating system for Raspberry Pi ARM single board computers.
Raspberry Pi OS 2024-07-04 continues defaulting to Wayfire as the default Wayland compositor for the desktop with this operating system.
However, now through the raspi-config configuration utility is also the labwc stacking Wayland compositor for those preferring that instead or just wanting to try something different from Wayfire.
Wayfire meanwhile has seen a number of fixes in this Raspberry Pi OS update.
Also on the Wayland side, WayVNC for VNC support under Wayland has improved encryption support and better handling of virtual displays.
This Raspberry Pi OS update moves to using the Linux 6.6.31 kernel plus brings other package updates such as Google Chromium 125 and Firefox 126 plus the newest Raspberry Pi firmware.
The original article contains 199 words, the summary contains 140 words. Saved 30%. I'm a bot and I'm open source!
This is the best summary I could come up with:
Qualys went public today with a security vulnerability they have discovered within the OpenSSH server that could lead to remote, unauthenticated code execution.
OpenSSH servers running with the GNU C Library (glibc) in Linux environments are vulnerable to CVE-2024-6387, or the vulnerability they have dubbed "RegreSSHion" as a play on "SSH" and "regression".
A signal handler race condition within the OpenSSH server could lead to unauthenticated remote code execution.
Various versions of OpenSSH going back years are affected on Linux.
Qualys noted in their research: "This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access."
More details on CVE-2024-6387 as this severe OpenSSH security vulnerability for Linux servers can be found via the Qualys blog.
The original article contains 170 words, the summary contains 145 words. Saved 15%. I'm a bot and I'm open source!
This is the best summary I could come up with:
Data collection around users tends to be a very touchy subject in the Linux/open-source world even when opt-in and Fedora Workstation 42 has just seen a proposal raised to do just that.
If approved the Fedora Workstation 42 release would roll-out an opt-in metrics system of anonymous user information from system settings to hardware information and desktop usage patterns.
The proposal aims to collect more real-world representative information about Fedora Workstation use that would help developers focus their efforts moving forward and help with data/use-case discovery and analysis.
All data points would be collected individually as well to prevent system/user finger-printing.
The proposal was just posted to the Fedora devel mailing list to which there have been no comments yet but given the topic will certainly lead to an active discussion.
This isn't the first time such a change has been proposed for Fedora Linux but over the years have been various efforts around privacy-preserving telemetry, per-system unique identifiers for DNF, etc.
The original article contains 267 words, the summary contains 162 words. Saved 39%. I'm a bot and I'm open source!
Maybe next year it'll be less of an issue in the EU, when the commission has forced Apple to comply and third party stores are finally properly allowed. They won't be able to force third parties to follow arbitrary rules.
This is the best summary I could come up with:
It also supports Bluetooth wireless and USB-C wired connections as well as a whole bunch of custom programmability using Hori’s software.
The new controller is set to launch in Japan on October 31st in four colors (black, white, neon yellow, and violet), selling for 7,890 yen (about $50).
I tested the Horipad Pro for our Xbox controller buying guide and found it to be serviceable with fine ergonomics and a great D-pad — though it was somewhat outclassed by other options that run cheaper.
Hori’s decision to start sales in its home country makes sense, but it may also speak to the rise of PC gaming in Japan, with handhelds being such a popular choice there that Valve spun up a partnership with an entirely different company for Steam Deck distribution (including in-store availability).
In general, gamepad usage in Steam is on the rise — as Valve’s just-released statistics show.
Perhaps this is setting the table for a wide swath of licensed Steam controllers from a variety of manufacturers like we see on Xbox consoles — with more wireless options, I hope.
The original article contains 449 words, the summary contains 182 words. Saved 59%. I'm a bot and I'm open source!