KUserFeedback is a library for collecting user feedback for apps via telemetry and surveys.
Version 1.3.0 is now available for packaging.

This version adds the option to build it for Qt 6. It can also be built for Qt 5 and distros may want to package it twice, however this will mean handling some overlapping files and most apps which use it will be ported to Qt 6 as part of the KDE 6 MegaReleases in February so distros may prefer to drop Qt 5 builds then.

sha256 252308b822dd4690ea85ab1688c9b0da5512978ac6b435f77a5979fc1d2ffd13

URL https://download.kde.org/stable/kuserfeedback/

Signed by E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell <jr@jriddell.org>
https://jriddell.org/esk-riddell.gpg

* new release 1.3
* Add CC0-1.0 license
* Do not look for QtHelp if docs are disabled
* Remove unneeded setting of CMake policies, implied by requiring 3.16
* Add flatpak CI
* Bump minimum cmake version to 3.16
* Add explicit moc includes to sources for moc-covered headers
* Remove Designer&#39;s &quot;.&quot; normaloff file data from icon properties in .ui files
* Use latest-kf6 branch for Qt6
* In qt6 plugin name is KUserFeedbackQmlQt6
* PHP 8 compatibility
* Fix Qt 6 build of PHP-dependent unit tests
* categoryaggregationmodel
* Fix include form (use &quot;&quot; instead of &lt;&gt;) for provider.h
* Remove forward declaration as include is already defined
* Fix debug message
* Autogenerate debug categories
* Create logging_p.cpp directly
* Fix show headers in qtc6
* Compatibility is not necessary now
* kuserfeedback_version.h was not installed
* Fix compatibility (install temporary include in KUserFeedBack too)
* Add warning about removing compatibility
* Show all headers in includes
* KUserFeedbackConsole is an internal static lib too
* Not necessary here as it&#39;s an internal static lib
* Fix install target file
* Allow to co-install
* Port to new syntax
* Add Qt 6 Android CI
* typos–
* Add Qt6 windows CI support
* Hide finding docs dependencies behind ENABLE_DOCS
* Install translations
* qtversionsource: fix Qt 6.5 build
* avoid invalid lastX times
* .gitlab-ci.yml: enable static builds
* add it to CI qt6 bsd
* Fix cmakename in metainfo.yaml
* Tell no data has been sent if no data has been sent
* Give the dialog an actual title
* Remove duplicate header between cpp/h files
* Add windows CI

libqaccessibilityclient 0.5.0 is out now. The release adds Qt 6 support. libqaccessibilityclient is used by KMag and KWin both of which have forthcoming releases that are ported to Qt 6 so there should be no need for distros to build two versions.

https://download.kde.org/stable/libqaccessibilityclient/libqaccessibilityclient-0.5.0.tar.xz

Signed by E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell <jr@jriddell.org>
https://jriddell.org/esk-riddell.gpg

* new release: new version and new ECM URL
* Bump min required Qt6 to 6.5
* Port away from deprecated operator+(Qt::Modifier modifier, Qt::Key key
* Port away from deprecated QVariant::Type
* Add explicit moc includes to sources for moc-covered headers
* Use ECMDeprecationSettings
* Have export macros header include version header (Qt6-only)
* Use QAccessibilityClient6 as package name for Qt6 version
* Use variable to hold CMake config name, also targets file name
* Install headers into QAccessibilityClient/ visibility layer
* Move version setup into src/ subdir
* Use generic target name for generated library
* Move library target property setting next to declaration
* Move CMake config template file into src/ subdir
* Remove unimplemented methods
* Use ECM master when building for Qt6
* Use CamelCase includes
* Fix finding the unit test helper executable
* Add FreeBSD Qt6 CI support
* Add Gitlab CI
* Remove duplicate header between cpp/h files
* We depend against qt5.15
* Use -qt6 when we build against qt6
* Fix find_package
* Fix signals
* Adapt build system for building against qt6
* It&#39;s already define in ecm
* Make compile with strict compile flags
* Make building without deprecated methods
* Fix some compile error
* Add CI definitions information for seed job
* Use more target-centric cmake code
* Use GenerateExportHeader
* Remove module prefixe from Qt includes
* Do not use deprecate QFlatgs(nullptr) constructor
* Fix member init order to match definition order
* Clean up include dirs
* Convert license statements to SPDX expressions
* Add support for AccessibleId property
* Update README.md a bit
* Support API documentation generation with kapidox
* Remove the references to projects.kde.org
* Fix qstring minor optimization
* Port setMargins
* Use only undeprecated KDEInstallDirs variables
* KDECMakeSettings already cares for CMAKE_AUTOMOC and BUILD_TESTING
* Fix use in cross compilation
* Q_ENUMS -> Q_ENUM
* more complete release instructions

Phonon 4.12.0 and Phonon-VLC (phonon-backend-vlc) have new releases today which add Qt 6 support. These tars will by default build Qt 5 and 6 at the same time and we advise distros to ship both builds.

Phonon GStreamer (phonon-backend-gstreamer) is deprecated and we do not advise to use it.

https://community.kde.org/Phonon/Releases/Core/4.12.0

Changes

• Future-proof build fix for clang > 16
• Allow build against Qt6 when also built against Qt5
• Mark Qt6Core5Compat as REQUIRED for Qt6 builds
• let the user opt out of qt 5 or 6 builds
• bring back includes dir
• build qt5 and 6 at the same time
• be explicit about default values
• fix build for qt6
• Omit legacy CMake variables when building with Qt 6
• fix build with clang-16
• Don’t install legacy includes when building against Qt 6
• Allow to build against last kf6
• Add Windows Qt 6 CI
• Update the translations folder name
• Don’t redefine CMAKE_MODULE_PATH
• .gitlab-ci.yml: enable static builds
• Port away from deprecated INSTALL_TARGETS_DEFAULT_ARGS
• Add FreeBSD Qt6 CI support
• We depend against qt5.15 now
• Add Windows CI
• Add Android Qt5 and Qt6 CI
• Take out empty deprecated registerMetaTypes() method in Qt6 builds
• We need const char * (make compile qt6 apps)
• Qt::AA_UseHighDpiPixmaps is enabled by default in qt6
• Add Qt5 and Qt6 Linux CI
• Fix the Qt6 build
• Fix phonon lib name
• Fix coding style + increase ecm
• Adapt build system for building against qt6
• Adapt code for building against qt6
• Make it compiles without deprecated methods
• Add KDE CI configuration for Phonon
• Fix typos found by codespell
• Update IRC network name in Doxygen main page
• Allow to compile with unity support
• Port away from deprecated Qt methods
• Remove module prefixes from Qt includes
• Port away from deprecated QList::swap(i, j)
• Port away from deprecated qVariantFromValue()
• Use Q_DECLARE_OPERATORS_FOR_FLAGS in same namespace as flags definition
• Use more nullptr
• Improve metainfo.yaml
• Use NO_POLICY_SCOPE with KDECompilerSettings
• Remove explicit use of ECM_KDE_MODULE_DIR, is part of ECM_MODULE_PATH
• Remove “virtual” where “override” is used; add missing virtual in destructors
• Revert “Port deprecated qVariantFromValue method”
• Port deprecated qVariantFromValue method
• bump to 4.11.1 for release
• Remove phonon from the include directory
• throw out the qml demo
• import gpl2 for new settings source code
• Reorder cmake macro includes

https://community.kde.org/Phonon/Releases/VLC/0.12.0

Changes

• drop support for libvlc 2.x
• support qt5/6 multibuild
• mediaobject new can throw but does not return null
• .gitignore ignore /compile_commands.json
• Add Linux Qt 5 CI
• Update the translations folder name
• Remove explicit use of ECM_KDE_MODULE_DIR, is part of ECM_MODULE_PATH
• Make compile against qt6
• Add override keyword + use nullptr
• Show all headers in qtc6
• Adapt build system for building against qt6
• Use Qt::end
• Remove obsolete include
• Use override keyword
• Use QStringLiteral (QLAtin1String is deprecated)
• Use Q_SIGNALS/Q_SLOTS
• Fix typos found by codespell
• debug vmem format setup
• use picture_t to calculate pitch lines
• Update the obsolete projects.kde.org URL
• Revert “Port deprecated QLatin1Literal -> QLatin1String”
• Port deprecated QLatin1Literal -> QLatin1String
• preliminary vlc4 port
• only set xwindow when the qt platform actually is xcb (on unix)

Signed by E0A3EB202F8E57528E13E72FD7574483BB57B18D Jonathan Esk-Riddell <jr@jriddell.org>
https://jriddell.org/esk-riddell.gpg

The other day I had to dive into the ksmserver code, the core of session management in KDE Plasma, but found it all a bit difficult to read. If only I could get a callgraph I thought…

Turns out it actually is possible!

In fact it is almost too easy with clang/llvm. There are already solutions that attach LLVM bitcode to existing binaries. e.g. gllvm. gllvm basically is a shim sitting between ninja and the actual compiler and injects some behavior for us. This enables the use without having to refit anything in our existing code. You might note that clazy, our most excellent code analyzer, works in a similar fashion.

Here is how to use it:

# install gllvm (NOTE: as a pre-requisite you should have Go properly set up)
go install -v github.com/SRI-CSL/gllvm/cmd/...@latest

# clone plasma-workspace
git clone https://invent.kde.org/plasma/plasma-workspace
# change directory
cd plasma-workspace
# export environment variables
export CXX=gclang++
export CC=gclang
# You may need to set some additional vars so gllvm can find your compilers
## export LLVM_CC_NAME=clang-16
## export LLVM_CXX_NAME=clazy
# Configure
cmake -S . -B build
# Build
cmake --build build/
# extract the bitcode (into build/bin/ksmserver.bc by default)
get-bc -m -v build/bin/ksmserver
# Run through llvm's opt program to generate a callgraph
opt --disable-output --passes=dot-callgraph build/bin/ksmserver.bc
# copy into working directory
cp build/bin/ksmserver.bc.callgraph.dot callgraph.dot
# prettify the c++ names (this may produce invalid labels, so I'm skipping it here)
## cat build/bin/ksmserver.bc.callgraph.dot | llvm-cxxfilt > callgraph.dot
# generate an SVG of the graph
dot -x -Tsvg -ocallgraph.svg callgraph.dot
# we now have a callgraph.svg \o/

Depending on the complexity of the software and how many libraries it uses this graph may be incredibly large and verbose though. We’ll need to apply some filtering to make it useful. Or at least I thought so when working with ksmserver.

To further filter the graph you can use the gvpr helper. It is a bit clunky but gets the job done. You can build a filter expression to only include interesting functions like so

N{
    if ($.label!="@(*_ZN9KSMServer*)" || $.label=="@(*metacall*)")
        delete($G, $);
}

and then filter the dot graph with

# Filter out uninteresting functions (filter.prog is the filter expression from above)
gvpr -c -f filter.prog build/bin/ksmserver.bc.callgraph.dot > intermediate.gv
# Filter out all empty nodes (they call nothing and are of no interest)
gvpr -c "N[$.degree==0]{delete(root, $)}" intermediate.gv > final.gv
# generate an SVG
cat final.gv | dot -x -Tsvg -ocallgraph.svg

Final result

For a project of mine I need gamepad support. In the past, I’ve happily used QtGamepad, but that has not been ported to Qt 6. It’s not dead, but Andy (QtGamepad’s maintainer) wants to do some re-architecting for a Qt 6 release.

I need QtGamepad now, however, so I’ve ported it myself. It’s not a whole lot of code and Qt’s pro2cmake.py made it a breeze. I’ve renamed the whole thing to QtGamepadLegacy and pushed it to GitHub. So whenever the official QtGamepad is released there should be no naming conflicts. I’ve tested with Qt 6.6.0 and the evdev plugin.

I don’t plan on adding any new features to the port. I’ll try to keep it compatible with upcoming Qt releases, though.

Learn how to use Rive within Qt and Qt Quick.

Rive is a tool (and file format) that enables you to create interactive vector animations. With the RiveQtQuickPlugin, you can effortlessly load and display Rive animations within your QtQuick projects.

In this article, we will demonstrate how to embed Rive files, use different rendering backends, load artboards and trigger animations.

Continue reading Embed Rive in your QtQuick applications at basysKom GmbH.

Long Covid. If you are at all conversant with C20 twenties and thirties detective novels, you’ll know all about the invalids, the incapabables, the chronically ill. That was the flu. Though it never is the protagonist who is suffereing, it’s always someone else.

Well, this time it’s me. The protagonist of my own life.

I got covid when I got jabbed, early 2022. In the vaccination centre. Not because of the vaccine, but because, for some reason, everyone was expected to sit down, in a perspex cubicle for fifteen minutes, unmasked.

Of course, as you know, the covid virus remains infectuous for six hours and airborne, no droplets needed, in any area an infected person has been breathing for about ten minutes.

And no vaccine is immediately effective.

These were incubation incubators.

So I got sick. Really sick. For two weeks I had a horrible fever and was completely bed-ridden.

The aftermath is worse though.

I noticed my cognition was going down: I was (and am) getting dumber. Concentration powers going down. Getting pukey, and after that, shitty, regularly. Heart rates getting up into realms no blood pressure measurement machine could manage to measure. Having to lie down for days.

People wished me well. Wished me to get better soon.

Sorry people, that doesn’t work: this is like M.E., and you don’t get better from that. (In fact, Long Covid might, after all, have provided a pathology that explains M.E.)

Better soon? Bad days are getting increasingly frequent, and while I’l very good on good days, I cannot predict when good days will happen.

There you have it… Puke. Runny shit. Lying down all day in a darkened room. Brain Fog. Every little thing you manage to do is an achievement. Heart palpiations. Doctors telling you you’re malingering. Good days when you’re doubting you are actually sick getting outnumbered by days you cannot even eat, only drink water.

(And don’t ask me about how it’s when your nose if full of the smell of bin liner filled with the intestines of two-weeks dead animals.)

.

..

…

Hey… Masks are the one thing that work.

Happy October and other related holidays! The list of work is a bit smaller, as predicted I was busy this month. However, I have some really exciting work done in PlasmaTube - some of which you may have already seen if you follow me on Mastodon.

I also added a better way to discern bugfixes from features in these posts! It also details which branches and versions the change will appear in. I will be adding this slowly to older posts. I’m also really close to completing a whole year of this blog series, which I started back in January 2023! 🎉 I’ll be detailing more of 2024 plans in December.

Tokodon

[Feature] I added support for viewing server announcements! It doesn’t support emoji reactions yet, because I want to also implement emoji reactions in general (if your server supports it.) [24.02]

[Bugfix] Fixed more cases where media attachments wouldn’t load, if some of the metadata was invalid. [24.02] [23.08]

[Feature] The window geometry and position (if on X11) is now saved and restored. [24.02]

[Feature] A profile’s featured tags are now shown in the filter bar. You can select between them or reset it by tapping on “All”. [24.02]

[Feature] The selected post in a thread is now scrolled to initially, so you don’t have to scroll so much when viewing replies. [24.02]

[Feature] When scrolling to the very end of a timeline, a message is now shown that it’s really the end and you didn’t encounter some kind of bug. [24.02]

[Feature] Tokodon now supports basic notification actions such as viewing the post or the user’s profile. More actions are planned in the future, but this is a good start. [24.02]

[Feature] I cleaned up and merged the offline testing system that was originally pioneered by Rishi Kumar. This doesn’t affect users, but means that Tokodon can be tested more easily. Aka, more stable software! :-) [24.02]

[Bugfix] Add missing PulseAudio, FreeDesktop Secrets and notification permissions for the Tokodon Flatpak. [24.02] [23.08]

NeoChat

[Feature] NeoChat state (such as event cache) will now be stored in it’s own state file, called “neochatstaterc” in ~/.local/share/KDE/neochat. This matches the behavior of other KDE applications, instead of the weirdly named “data” file like before. [24.02]

[Feature] The event cache is now compacted so it’s a little bit smaller, and easier to read. [24.02]

[Feature] The recent emojis are now saved in the state file, instead of the regular config file. Less state in there, woohoo! [24.02]

Kirigami

[Feature] You can now control the isMask property of a Chip. Otherwise, this property is inaccessible, preventing you from changing the icon color. [6.0]

PlasmaTube

I did a ton of work improving PlasmaTube this month. If you haven’t been using PlasmaTube yet, or haven’t tried it in a while… 24.02 in February will be packed with new features and bugfixes!

[Feature] PlasmaTube is now Qt6, complete with the new declarative type registration system. For users, it means that it’s marginally faster and that it’s ready for the February mega-release. [24.02]

[Feature] Different video sources other than Invidious is now supported! The current plan plan is to support Invidious, Piped and PeerTube by 24.02. The feature set of the new video sources are currently limited compared to Invidious, but will be expanded. [24.02]

[Feature] Selecting between video sources is now supported, for example if you have a Invidious instance but also want to watch PeerTube content. [24.02]

[Feature] Along with that, the overall login flow is overhauled to match other Kirigami applications. You can even select from a list of public instances. (Keep in mind that the UI is still a work in progress and will be improved before release.) [24.02]

[Feature] The sidebar is no longer icon only, and matches the UX of other Kirigami applications such as NeoChat, Tokodon and Arianna. There are now several tabs such as “Popular”, “Trending”, “Subscriptions”, “Playlists” and “History”. Some of these are disabled depending on if you’re logged in and if the video source supports them. [24.02]

[Feature] The “Trending” page has been overhauled to use tabs instead of stuffing all of the different types into the page’s actions. [24.02]

[Feature] Added a “Playlists” page! Right now you can only view playlists, but I plan on adding more advanced playlist management soon. [24.02]

[Feature] Added a “History” tab, which of shows you recently watched videos. [24.02]

[Feature] Added a new context menu, shown while long tapping or right-clicking on a video item. You can mark a video as watched or unwatched, add it to a playlist and more. [24.02]

[Feature] Added a picture in picture mode! It’s even possible to control the video using the normal controls in the main window. When closing the PiP window, it will also restore the position in the main player too. [24.02]

[Feature] It’s now possible to use a network proxy in PlasmaTube, but due to FFmpeg limitations you can only set a HTTP proxy unlike other KDE applications which support a SOCKS5 proxy. [24.02]

[Feature] You can now change the default homepage for Invidious sources, which also syncs to the Invidious web frontend and any other clients that support this key. More settings will be available in the future, such as autoplay (which currently does nothing.) [24.02]

[Feature] You can now view comments on a video, which is supported in Invidious, PeerTube and Piped sources. They aren’t very detailed yet, and threading is not yet supported. [24.02]

[Feature] A channel’s avatar, banner and description is now shown on the channel page. Eventually other channel tabs like playlists will be available here too! [24.02]

Merkuro

[Bugfix] Fixed a bug where certain locales would be unable to use the date picker. [24.02] [23.08]

KWallet

[Bugfix] Fixed the “Configure KWallet…” menu item not working. [23.08]

[Feature] Added a visible error message for conditions where KWalletManager could fail and display nothing, like the DBus service failing to activate. [24.02]

KWin

[Bugfix] Fixed the default keybinds for “Switch to Next/Previous Desktop” not being set properly by default, when they probably should. [6.0] [5.27]

Plasma

[Feature] A bunch of small improvements and fixes for the “Show Activity Manager” applet. This is mostly fixing stuff that was broken due to KF6 changes. [6.0]

Kirigami Addons

[Bugfix] Prevent a crash when calculating initials in names that only have parenthesis, such as “(gobble)”. This affects the new Avatar component. [0.12]

See you next month!

During the last years, I’ve been doing a lot of coding and no blogging. That’s a shame because without good announcements, there is no chance for people to know about the code.

All of the projects I’ve been coding on are more or less unfinished which is why I’ve not been too keen on blogging about them. It’s time to get over this inhibition and show the world these rough gems in all their glory.

This blog is just the announcement of more blogs that are about to come. For now, the projects that I’ll be be blogging about are just listed here with a short description and a link to the repository.

I will be fighting the urge to polish the projects more and delay announcing them even further. The plan is to blog about one project per week.

Kwats

RDF graphs contain triples. Prepending the triples from the graph with the IRI of the triples gives quads. The Dutch word kwats sounds like quads but means nonsense.

Kwats is a simple server where triples can be stored and queried. Triples are added in the form of graphs. The graphs are stored as files in git, along with provenance information.

A running server keeps the graphs in memory. Rules about what is allowed in the graphs is written in the form of SHACL.

Subtree of Life

Subtree of Life is a webpage to create phylogenetic trees that show the relationship between the species of your choice. How are cat, dog and bumblebee related? Like this.

The code for this webpage is finished. The user experience, documentation and packaging can be improved.

Xust

Xust was a big COVID project. It is meant to become an XQuery implementation like BaseX and Xidel.

Xust main has 1218 commits and the XQuery functionality is not usable yet. The repository contains Rust crates for an XML DOM, DTD validation, and XML Schema validation.

This is a fun repository to work on because of the large number of tests. The CI shows 75551 tests at the moment that finish in seconds.

Rehorse

Rehorse is a web application for rehearsing music. It started off as way to loop recordings that matches the sheet music. So you can loop easily between, say, measure 10 and 12.

The application has been in production for years but is not very polished. I maintain an instance of it for members of two bands.

Nix flake for KDE software

kde-nix-flake packages KDE software for Nix. Nix is a package manager available for many Linux distributions. It handles packaging, setting up a development environment, testing and deploying.

The file flake.nix contains instructions for running stable and nightly KDE software, setting up a build environment with nix develop, running tests with nix check, using Plasma as a desktop, using the binary cache for quick installation, and running jobs on a CI server.

Keeping this repository up to date with the development speed of KDE has turned out to be a challenge.

Diary

The simply named diary is another unfinished application that has been in production for years. It is a desktop application based on rust-qt-binding-generator that I use to write notes.

It was also meant to keep a calendar and a list of todo’s, but those parts are not finished.

Let’s go for my web review for the week 2023-43. A bit on the finishing line compared to the usual, I didn’t manage to post it earlier today… Well, technically it’s still Friday. 😉

Stop ChatControl! | de.indymedia.org

Tags: tech, politics, surveillance

This is a very worrying development in Europe. This feels a lot like a dream come true for police states… Let’s not go there.

https://de.indymedia.org/node/310589

Europe’s CSAM-scanning plan is a tipping point for democratic rights, experts warn | TechCrunch

Tags: tech, politics, surveillance

A longer account of a seminar showing the amount of people and arguments against chat control. The EU commission is pretty isolated in this madness.

https://techcrunch.com/2023/10/24/eu-csam-scanning-edps-seminar/?guccounter=1

Kyoto Statement on End-To-End Encryption – Global Encryption Coalition

Tags: tech, cryptography, politics, privacy

Timely and needed statement as fights against cryptography are emerging again.

https://www.globalencryption.org/2023/10/kyoto-statement-on-end-to-end-encryption/

Why can’t our tech billionaires learn anything new?

Tags: tech, criticism

An important read in my opinion. This whole manifesto from Andreesen is just ludicrous and this explains very well why. In any case we need more techno-pragmatists and less techno-optimists.

https://davekarpf.substack.com/p/why-cant-our-tech-billionaires-learn

This new data poisoning tool lets artists fight back against generative AI | MIT Technology Review

Tags: tech, cyberpunk, ai, machine-learning, copyright, tools

A very needed tool unfortunately. This is fascinating research as well. The world is really so cyberpunk now.

https://www.technologyreview.com/2023/10/23/1082189/data-poisoning-artists-fight-generative-ai/

Jina AI Launches World’s First Open-Source 8K Text Embedding, Rivaling OpenAI

Tags: tech, ai, machine-learning, gpt, foss

Another open source LLM available out there. This one seems to have interesting properties.

https://jina.ai/news/jina-ai-launches-worlds-first-open-source-8k-text-embedding-rivaling-openai/

From Twitter to X, Elon Musk’s transformation from free speech defender to champion of disinformation | RSF

Tags: tech, twitter, social-media, information, criticism

I never liked the “it’s neutral, it’s just a tool”. A very naive view in my opinion. New illustration of this with Twitter. Tools are inserted in a socio-technical system, and the sociology side will influence the design enough to make the tool not so neutral. Here clearly all hell broke loose and it became a massive danger to democracy due to the level of misinformation and the type of messages which are advantaged by the changes.

https://rsf.org/en/twitter-x-elon-musk-s-transformation-free-speech-defender-champion-disinformation

The Carpentries retires its X/Twitter accounts and Facebook profile

Tags: tech, social-media, twitter, fediverse

More organizations leaving Twitter (now X… rofl). It’s a good thing and a logical step if you take values and code of conduct into account. It clearly became a cesspool from what I see.

https://carpentries.org/blog/2023/10/announcing-the-carpentries-departure-from-x-and-facebook/

GRC | ValiDrive  

Tags: tech, storage, scam, tools

Beware the fraudulent cheap drives you can buy nowadays. Looks like a nifty tool to check a drive if you have suspicions.

https://www.grc.com/validrive.htm

iLeakage

Tags: tech, apple, security

The spectre attack still has real world effects… This affects Safari this time.

https://ileakage.com/

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App | 0xcrypto

Tags: tech, security, web

If you got to implement an OAuth integration. Please be responsible and don’t do this… this could lead to very serious breaches for your users.

https://eval.blog/research/microsoft-account-token-leaks-in-harvest/

Salt Labs | Oh-Auth - Abusing OAuth to take over millions of accounts

Tags: tech, security

OAuth is nice and taking over the world… but don’t weaken the security, follow all the steps and verify the tokens you get handed.

https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

The Cloud Computer / Oxide

Tags: tech, cloud, infrastructure, foss

OK, I admit this looks like a very cool product. This could turn interesting for private infrastructures. Trying to get the benefits of cloud approaches while keeping it under control.

https://oxide.computer/blog/the-cloud-computer

My 2023 all-flash ZFS NAS build

Tags: tech, storage, networking, self-hosting

Very thorough explanation of an interesting NAS setup. There are a few interesting tools I didn’t know about in there.

https://michael.stapelberg.ch/posts/2023-10-25-my-all-flash-zfs-network-storage-build/

Protomaps | A free and open source map of the world

Tags: tech, tools, geospatial, geography, map

Looks like a nice new solution to host and serve global maps.

https://protomaps.com/

Analyzing Data 180,000x Faster with Rust

Tags: tech, rust, optimization

This gives a good list of things to try when optimizing (Rust code or otherwise).

https://willcrichton.net/notes/k-corrset/

O3DE

Tags: tech, 3d, gaming, simulation

Nice to see Amazon Lumberyard getting a new life. It’s really feature packed.

https://o3de.org/

A Journey Into Shaders

Tags: tech, 3d, shader, mathematics

Wanna get started playing with shaders? This is a neat into leading to a blob made of metaballs.

https://www.mayerowitz.io/blog/a-journey-into-shaders

The Three Cs: 🤝 Concatenate, 🗜️ Compress, 🗳️ Cache – Harry Roberts – Web Performance Consultant

Tags: tech, web, http, caching, compression, performance, networking

Interesting exploration of the performance for web resources when they’re bundled or not. Also dabbles in the reasons behind the exhibited performances, definitely to keep in mind.

https://csswizardry.com/2023/10/the-three-c-concatenate-compress-cache/

Web Components Will Outlive Your JavaScript Framework | jakelazaroff.com

Tags: tech, blog, webcomponents, frontend, complexity

Another testament to the fact that it’s probably better to have minimal dependencies on your webpages. This is especially true for documents if you’re aiming for longevity. If you’re making an actual application the trade-off will be different.

https://jakelazaroff.com/words/web-components-will-outlive-your-javascript-framework/

The Negative Impact of Mobile-First Web Design on Desktop

Tags: tech, usability, ux, design, mobile, desktop

It’s nice that we get more content usable on mobiles… but this shouldn’t come at the expense of bad usability when on desktops.

https://www.nngroup.com/articles/content-dispersion/

Google Testing Blog: Improve Readability With Positive Booleans

Tags: tech, programming, craftsmanship

Definitely a good advice. We’re just better at understanding positive boolean expressions.

https://testing.googleblog.com/2023/10/improve-readability-with-positive.html?m=1

How To Tell Stuff To A Computer - The Enigmatic Art of Knowledge Representation

Tags: tech, knowledge, engineering

Looks like an old website, still it does a neat job of explaining how the field of knowledge representation evolved. This is nice to see a reference for beginners since I dabbled quite a bit into this years ago and it wasn’t very accessible.

https://www.lisperati.com/tellstuff/index.html

There is No Now - ACM Queue

Tags: tech, time, asynchronous, distributed, consistency

Time and synchronization are complicated in distributed systems. Luckily there are solutions to try to ease the pain. It’s not completely avoidable though.

https://queue.acm.org/detail.cfm?id=2745385

Refactoring has a price. Not refactoring has a cost. Either way, you pay.

Tags: tech, refactoring, craftsmanship, cost

Definitely this. One is more painful than the other though. It’s a question of paying small price over tine vs paying a big cost later.

https://www.germanvelasco.com/blog/refactoring-is-a-habit

Private Estimates, Public Progress - by Kent Beck

Tags: tech, agile, project-management, estimates

Indeed, going for scrutiny on made up numbers probably won’t get us nowhere. Tweaking them won’t help either. It’s the shared goals which matter most.

https://tidyfirst.substack.com/p/private-estimates-public-progress

Software Engineering Management Checklist

Tags: tech, management, engineering, learning

Definitely an excellent list to have in mind as soon as you get to engineering management. The four areas listed are the most important.

http://pnewman.org/engineering_mgmt_checklist.txt

We have used too many levels of abstractions and now the future looks bleak

Tags: tech, learning, engineering, criticism

Healthy criticism of where our industry went. Engineers should exhibit curiosity on how the sausage is made, not just blindly use tools they don’t understand.

https://unixsheikh.com/articles/we-have-used-too-many-levels-of-abstractions-and-now-the-future-looks-bleak.html

On Craft

Tags: tech, craftsmanship

Beautiful text. She talks with fondness about her grandfather, but there’s indeed lessons about craftsmanship here. It’s not only about machines, it can’t extend into a humanist world view.

https://www.drcathicks.com/post/on-craft

Advice to a novice programmer

Tags: tech, programming, learning

Good list of advices for someone who just got started programming. Who knows, it might come in handy later.

https://blog.plover.com/prog/katara-advice.html

A literary appreciation of the Olson/Zoneinfo/tz database – Jon Udell

Tags: tech, time, date, history

A database we take for granted… but if you look in the margins it’s full of history and very well crafted.

https://blog.jonudell.net/2009/10/23/a-literary-appreciation-of-the-olsonzoneinfotz-database/

Internet Artifacts

Tags: tech, internet, web, history

Very cool idea. Lots of history in there! There were things I even forgot about.

https://neal.fun/internet-artifacts/

The Theory That Men Evolved to Hunt and Women Evolved to Gather Is Wrong - Scientific American

Tags: history, science

Very interesting dive into where this theory comes from and how wrong it is.

https://www.scientificamerican.com/article/the-theory-that-men-evolved-to-hunt-and-women-evolved-to-gather-is-wrong1/

Bye for now!