Feeds

https://kde.org/announcements/gear/24.12.0

I hope everyone had a wonderful holiday! Your present from me is shiny new application snaps! There are several new qt6 ports in this release. Please visit https://snapcraft.io/store?q=kde

I have also fixed the Krita snap unable to open/save bug. Please test –edge!

I am continuing work on core24 support and hope to be done before next release.

I do look forward to 2025! Begone 2024!

If you can help with gas, I still have 3 weeks of treatments to go. Thank you for your continued support.

https://gofund.me/573cc38e

REST is a loosely defined protocol for listing, creating, changing, and deleting data on your server over HTTP. The Django REST framework (DRF) is a toolkit built on top of the Django web framework that reduces the amount of code you need to write to create REST HTTP API interfaces.

In this course you’ll learn about:

• The REST protocol
• DRF Serializers and how to use them with Django objects
• Using Django views and DRF ViewSet classes to create REST end-points
• Multiple flavors of renderers and how to control their output
• Specifying permissions and limiting who can see what data in your REST API

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Interesting video about the hack of Andrew Tate’s The Real World site [1].

Informative video about Nick Fuentes covering the racism, anti-semitism, misogyny, and how he is clearly in denial about being gay [2]. It ends with his arrest. Hopefully the first of many arrests. This is what conservatives support.

Insightful article covering the history of bus-mastering attacks on computer security and ending with pwning via CF cards [3].

Interesting lecture at the seL4 symposium about attestation of a running Linux kernel [4]. I’m not a fan of most attestation systems but using a separate isolated seL4 process to monitor a Linux VM offers some real benefits.

Interesting seL4 symposium lecture about CPU drivers and the fact that a modern SoC is a distributed computing environment with lots of untrusted firmware [5]. I like the way he slipped and called it “unworthy firmware” instead of “untrustworthy firmware”, I think I’ll copy that.

• [1] https://www.youtube.com/watch?v=j84gB2cbNps
• [2] https://www.youtube.com/watch?v=pdmnHhZYOUg
• [3] https://tinyurl.com/2awdgnht
• [4] https://www.youtube.com/watch?v=lyTyJKugoqU
• [5] https://www.youtube.com/watch?v=DGLSJ8m-X2I

Related posts:

1. Links November 2024 Interesting news about NVidia using RISC-V CPUs in all their...
2. Links August 2024 Bruce Schneier and Kim Córdova wrote an insightful article about...
3. Links June 2024 Modos Labs have released the design of an e-ink display...

Version 0.54 of GNU Collaborative International Dictionary of Englis is available for download.

The dictionary corpus underwent a thorough spell-checking.  A number of articles has been fixed or upgraded.  All files has been reformatted to limit physical line length to 72 characters.

If you are using GNU dico to consult the dictionary, please upgrade to version 2.12.

GNU dico version 2.12 is available for download.

This versions provides important improvements in the gcide module:

• idxgcide skips duplicated headwords.
• Fixed some gcide entities, introduced missing ones.
• Fixed Ancient Greek transliteration.

When given this option, the module will watch for modifications in the dictionary corpus files and rebuild the index file when necessary.

HTML output is enabled by the "html" module option.  It is produced only after "OPTION MIME" command command.

The argument to DEFINE or MATCH command can optionally be modified before being used in actual search.  This allows, for example, to input search terms in transliteration instead of in the actual script.

Conversions are implemented by loadable modules and are associated with individual databases.

This version is shipped with the new module greek_kbd, which implements Greek transliteration.

• Switch to Python 3.11+ with type hints
• Upgrade Django to version 4.2
• Improve desktop and mobile views using HTML5
• Implement a dark mode
• Use Poetry and pyproject.toml
• Integrate Pylint and Mypy for development
• Implement various fixes and improvements

Support for obsolescent libpcre has been withdrawn.

Following Dennis Schubert's post on how LLM bots are scraping the Internet continuously at full speed, I decided to take a look at my own server. If you exclude my chess site which naturally has a lot of unusual organic traffic right now (due to the World Rapid and Blitz Chess Championship; every site update is a long-poll request), I am at a neat 86% of requests matching “crawler” or “bot” in the UA, and then more crawler traffic with spoofed UAs on top of that. (GPTBot at the top, of course, with 25x as many requests as Googlebot. MJ12Bot is in second place, which I'd never even heard of.)

This is unsustainable, but also perhaps not a big surprise; these companies have tons of VC money (so they don't need to care much about being efficient), an insatiable lust for data, questionable ethics, and lack the sophistication in crawling that the traditional web search companies have built up over the last twenty years. So of course they will just follow every link and never really back down. Including, say, try to fetch every single tree object from all of my Git mirrors, including large repositories like an old VLC fork.

I could add robots.txt, but there are tons of them, and it's honestly not a game I want to spend energy on. So I went for a simple solution: Remove the A record. git.sesse.net is now IPv6-only; if your infrastructure administrator is remotely competent, you'll have IPv6 by now, and if not, interested programmers (the main target for Git repositories, obviously) are probably able to fix that easily enough. (Curiously enough, there are still some sites coming in with bogus “Chrome” user agents over IPv4. Not even respecting DNS timeouts, of course…)

We'll see how it turns out; perhaps I'll need to reenable if there's an influx of legitimate users wanting my software. But TBH, as we go into 2025 and IPv6 turns 30, enough is enough anyway. It will soon be more common to have IPv6 than not to have it (47% and counting), so it's time to move on.

Happy new year!

Review: Metal from Heaven, by August Clarke

Metal from Heaven is industrial-era secondary-world fantasy with a literary bent. It is a complete story in one book, and I would be very surprised by a sequel. Clarke previously wrote the Scapegracers young-adult trilogy, which got excellent reviews and a few award nominations, as H.A. Clarke. This is his first adult novel.

Know I adore you. Look out over the glow. The cities sundered, their machines inverted, mountains split and prairies blazing, that long foreseen Hereafter crowning fast. This calamity is a promise made to you. A prayer to you, and to your shadow which has become my second self, tucked behind my eye and growing in tandem with me, pressing outwards through the pupil, the smarter, truer, almost bursting reason for our wrath. Do not doubt me. Just look. Watch us rise as the sun comes up over the beauty. The future stains the bleakness so pink. When my violence subsides, we will have nothing, and be champions.

Marney Honeycutt is twelve years old, a factory worker, and lustertouched. She works in the Yann I. Chauncey Ichorite Foundry in Ignavia City, alongside her family and her best friend, shaping the magical metal ichorite into the valuable industrial products of a new age of commerce and industry. She is the oldest of the lustertouched, the children born to factory workers and poisoned by the metal. It has made her allergic, prone to fits at any contact with ichorite, but also able to exert a strange control over the metal if she's willing to pay the price of spasms and hallucinations for hours afterwards.

As Metal from Heaven opens, the workers have declared a strike. Her older sister is the spokesperson, demanding shorter hours, safer working conditions, and an investigation into the health of the lustertouched children. Chauncey's response is to send enforcer snipers to kill the workers, including the entirety of her family.

The girl sang, "Unalone toward dawn we go, toward the glory of the new morning."

An enforcer shot her in the belly, and when she did not fall, her head.

Marney survives, fleeing into the city, swearing an impossible personal revenge against Yann Chauncey. An act of charity gets her a ticket on a train into the countryside. The woman who bought her ticket is a bandit who is on the train to rob it. Marney's ability to control ichorite allows her to help the bandits in return, winning her a place with the Highwayman's Choir who have been preying on the shipments of the rich and powerful and then disappearing into the hills.

The Choir's secret is that the agoraphobic and paranoid Baron of the Fingerbluffs is dead and has been for years. He was killed by his staff, Hereafterist idealists, who have turned his remote territory into an anarchist commune and haven for pirates and bandits. This becomes Marney's home and the Choir becomes her family, but she never forgets her oath of revenge or the childhood friend she left behind in the piles of bodies and to whom this story is narrated.

First, Clarke's writing is absolutely gorgeous.

We scaled the viny mountain jags at Montrose Barony's legal edge, the place where land was and wasn't Ignavia, Royston, and Drustland alike. There was a border but it was diffuse and hallucinatory, even more so than most. On legal papers and state maps there were harsh lines that squashed topography and sanded down the mountains into even hills in planter's rows, but here among the jutting rocks and craggy heather, the ground was lineless.

The rhythm of it, the grasp of contrast and metaphor, the word choice! That climactic word "lineless," with its echo of limitless. So good.

Second, this is the rarest of books: a political fantasy that takes class and religion seriously and uses them for more than plot drivers. This is not at all our world, and the technology level is somewhat ambiguous, but the parallels to the Gilded Age and Progressive Era are unmistakable. The Hereafterists that Marney joins are political anarchists, not in the sense of alternative governance structures and political theory sanitized for middle-class liberals, but in the sense of Emma Goldman and Peter Kropotkin. The society they have built in the Fingerbluffs is temporary, threatened, and contingent, but it is sincere and wildly popular among the people who already lived there.

Even beyond politics, class is a tangible force in this book. Marney is a factory worker and the child of factory workers. She barely knows how to read and doesn't magically learn over the course of the book. She has friends who are clever in the sense rewarded by politics and nobility, who navigate bureaucracies and political nuance, but that is not Marney's world. When, towards the end of the book, she has to deal with a gathering of high-class women, the contrast is stark, and she navigates that gathering only by being entirely unexpected.

Perhaps the best illustration of the subtlety of this is the terminology in the book for lesbian. Marney is a crawly, which is a slur thrown at people like her (and one of the rare fictional slurs that work exactly as the author intended) but is also simply what she calls herself. Whether or not it functions as a slur depends on context, and the context is never hard to understand. The high-class lesbians she meets later are Lunarists, and react to crawly as a vile and insulting word. They use language to separate themselves from both the insult and from the social class that uses it. Language is an indication of culture and manners and therefore of morality, unlike deeds, which admit endless justifications.

Conversation was fleeting. Perdita managed with whomever stood near her, chipper about every prettiness she saw, the flitting butterflies, the dappled light between the leaves, the lushness and the fragrance of untamed land, and her walking companions took turns sharing in her delight. It was infectious, how happy she was. She was going to slaughter millions. She was going to skip like this all the while.

The handling of religion is perhaps even better. Marney was raised a Tullian, which sits alongside two other fleshed-out fictional religions and sketches of several more. Tullians tend to be conservative and patriarchal, and Marney has a realistically complicated relationship with faith: sticking with some Tullian worship practices and gestures because they're part of who she is, feeling a kinship to other Tullians, discarding beliefs that don't fit her, and revising others.

Every major religion has a Hereafterist spin or reinterpretation that upends or reverses the parts of the religion that were used to prop up the existing social order and brings it more in line with Hereafterist ideals. We see the Tullian Hereafterist variation in detail, and as someone who has studied a lot of methods of reinterpreting Christianity, I was impressed by how well Clarke invents both a belief system and its revisionist rewrite. This is exactly how religions work in human history, but one almost never sees this subtlety in fantasy novels.

Marney's allergy to ichorite causes her internal dialogue to dissolve into hallucinatory synesthesia when she's manipulating or exposed to it. Since that's most of the book, substantial portions read like drug trips with growing body horror. I normally hate this type of narration, so it's a sign of just how good Clarke's writing is that I tolerated it and even enjoyed parts. It helps that the descriptions are irreverent and often surprising, full of unexpected metaphors and sudden turns. It's very hard not to quote paragraph after paragraph of this book.

Clarke is also doing a lot with gender that I don't feel qualified to comment in detail on, but it would not surprise me to see this book in the Otherwise Award recommendation list. I can think of three significant male characters, all of whom are well-done, but every other major character is female by at least some gender definition. Within that group, though, is huge gender diversity of the complicated and personal type that doesn't force people into defined boxes. Marney's sexuality is similarly unclassified and sometimes surprising. My one complaint is that I thought the sex scenes (which, to warn, are often graphic) fell into the literary fiction trap of being described so closely and physically that it didn't feel like anyone involved was actually enjoying themselves. (This is almost certainly a matter of personal taste.)

I had absolutely no idea how Clarke was going to end this book, and the last couple of chapters caught me by surprise. I'm still not sure what I think about the climax. It's not the ending that I wanted, but one of the merits of this book is that it never did what I thought I wanted and yet made me enjoy the journey anyway. It is, at least, a genre ending, not a literary ending: The reader gets a full explanation of what is going on, and the setting is not static the way that it so often is in literary fiction. The characters can change the world, for good or for ill. The story felt frustrating and incomplete when I first finished it, but I haven't stopped thinking about this book and I think I like the shape of it a bit more now. It was certainly unexpected, at least by me.

Clarke names Dhalgren as one of their influences in the acknowledgments, and yes, Metal from Heaven is that kind of book. This is the first 2024 novel I've read that felt like the kind of book that should be on award shortlists. I'm not sure it was entirely successful, and there are parts of it that I didn't like or that weren't for me, but it's trying to do something different and challenging and uncomfortable, and I think it mostly worked. And the writing is so good.

She looked like a mythic princess from the old woodcuts, who ruled nature by force of goodness and faith and had no legal power.

Metal from Heaven is not going to be everyone's taste. If you do not like literary fantasy, there is a real chance that you will hate this. I am very glad that I read it, and also am going to take a significant break from difficult books before I tackle another one. But then I'm probably going to try the Scapegracers series, because Clarke is an author I want to follow.

Content notes: Explicit sex, including sadomasochistic sex. Political violence, mostly by authorities. Murdered children, some body horror, and a lot of serious injuries and death.

Rating: 8 out of 10

Dear blog. This post is inspired by an old friend of mine who has been writing these for the past few years. I meant to do this for a while now, but ended up not preparing anything, so this post is me writing it from memory. There’s likely stuff I forgot, me being gentle with myself I’ll probably just permit myself to complete this list the next couple of days.

I hate bragging, I try to not depend on external validation as much as possible, and being the anti-capitalist that I am, I try to be content with knowing I’m “doing good in the background”. I don’t think people owe me for the work I did, I don’t expect anything in return, and it’s my way of giving back to the community and the people around me. Consider us even.

That being said, I:

• Uploaded 689 packages to Arch Linux
  • Most of which being reproducible, meaning I provably didn’t abuse my position of compiling the binaries
  • 59 of those are signal-desktop
  • 34 of those are metasploit
• Made 28 commits in Alpine Linux’ aports
  • 24 of those being package releases
• Made 43 uploads to Debian
• Made 5 commits in NixOS’ nixpkgs
• Made 1 commit in homebrew-core
• Was one of the people involved in rolling out _FORITFY_SOURCE=3 compiler hardening in Arch Linux, for the entire operating system. I wrote lists, tools, patches and my work got me quoted in the “Additional Considerations” section of the OpenSSF compiler hardening guide for C and C++. There are now more, stricter buffer-overflow checks at runtime that hopefully make your computer harder to exploit in 2025.
• Was one of the people behind the launch of reproduce.debian.net which is analogous to reproducible.archlinux.org that I also helped create 5 years ago. Reproducing these packages (and allowing anybody else to do the same) proves the binaries have not been backdoored by the build server (or whoever compiled them), and if there’s a backdoor, you can likely find it in the source code.
• Integrated librustls, a memory safe TLS implementation, into Arch Linux’ C dynamic linking ecosystem and became one of the authors of the rustls curl TLS backend
• In response to the XZ Jia Tan incident I created whatsrc.org, a source code indexing project. It doesn’t solve anything in itself, but it’s framing the concept of source code inputs and how to reason about them in a way that I consider promising. It also documents and makes it very apparent what specifically is the source code we’re putting into our computers, that would benefit from code reviews.
• Reverse engineered the signal username and QR-code feature
• Wrote 0 blog posts (besides this one)
• Wrote 5.937 messages in irc channels
• Got mentioned 1.664 times on irc
• Attended FOSDEM, Fusion, the Reproducible Builds summit, Hackjunta 2024#2 and 38c3
• Made and printed 8 new sticker designs, and a custom hoodie
• Mastered the art of pragmatic zaza cultivation and processing
• Got 2 new piercings and 2-3 new tattoos (depending on how you count them)

Thanks to everybody who has been part of my human experience, past or present. Especially those who’ve been closest.

cheers,
kpcyrd ✨

Tuesday, 31 December 2024. Today KDE releases a bugfix update to KDE Plasma 6, versioned 6.2.5.

Plasma 6.2 was released in October 2024 with many feature refinements and new modules to complete the desktop experience.

This release adds a month's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:

• KScreenLocker: X11locker lower m_background when hiding. Commit. See bug #483163
• Powerdevil Daemon: Don't crash in PowerDevil::Core::unloadAllActiveActions(). Commit. Fixes bug #492349
• Discover: UpdatesPage, Fix update description box overlapping with its text. Commit. Fixes bug #491821

I use Hugo to build my website (which you can explore the source code to on GitHub.) And because I love using KDE applications whenever I can, I do all of my editing - from config files, CSS and Markdown for posts - in Kate.

My song & dance when I want to edit my website is a bit inefficient. I would use Kate, then manually navigate to my folder. Or I would invoke Kate from the command-line to do the same. Then I would open a separate Konsole window (and sometimes the integrated terminal) in order to launch Hugo to build the site. I would then open up a separate terminal to perform git operations.

So I have created a neat workflow that I think is worth sharing, in case you didn’t know Kate had these features. This also serves as documentation to myself whenever I want to re-create it.

The first and easiest improvement is to use sessions. You can manage these under the “Session” menu item at the top of Kate.

Instead of opening a fresh Kate session each time, the folder I was in (which is always my site’s folder) and the open documents I have are saved automatically. Note that you probably need the Projects plugin enabled to have access to the “Projects” tab where it’s state is also saved in the session.

The next thing to tackle is making it easier to launch Hugo. We can accomplish this by using External Tools, which is managed under Settings or under the Tools menu item. I have two, one for launching Hugo and the other for stopping it.

These external tools are self-explanatory, but I set the working directory to %{Project:Path} to ensure it’s running at the site root. I also have it set to spit out the Hugo output into the pane, but it doesn’t actually display until the process quits which seems like a bug in Kate.

It’s not a huge deal, as the output is displayed when I use the “Stop Hugo” action. I suggest using the “-O” argument of hugo server to automatically open your default web browser when Hugo completes initialization.

It would be cool to have a preview pane that automatically finds the Markdown file you’re editing and navigate to it, which seems possible. Another nicety would be a native Kate plugin to handle launching/stopping/configuring the Hugo server. But this workflow is already a big improvement over what I had before.

A quick review of my 2024 done in a hurry, trying to remember the many experiences I had, the people I met, the places I visited and the changes I went through.

Today I made a new release of my CP/M emulator and I think that maybe now it will run on Microsoft Windows. Unfortunately I cannot test it!

A working CP/M implementation needs to provide facilities for reading input from the console, both reading a complete line of text and individual keystrokes. These input functions need to handle several different types of input:

• Blocking, waiting for input to become available.
• Non-blocking, returning any pending input if it is available otherwise nothing.
• With echo, so the user can see what they typed.
• Without echo, so the keys are returned by not displayed ot the user.

In the past we used a Unix-specific approach to handle the enabling and disabling of keyboard echoing (specifically we executed the stty binary to enable/disable echos), but this release adds a more portable solution, based around termbox-go which is the new default, and should allow our emulator to work on Microsoft Windows systems.

We always had the ability to select between a number of different output drivers, and as of this release we can now select between multiple input drivers too - with the new portable option being the default. This has been tested on MacOS X systems, as well as GNU/Linux, but sadly I don't have access to Windows to test that.

Fingers crossed it's all good now though, happy new year!

On today's show we are talking with John. This is our chance to learn more about our beloved Talking Drupal show host.

For show notes visit: https://www.talkingDrupal.com/482

• Talking Drupal
• Non-Code Contribution
• Solution Architect
• Personal Background and Interests
• Drupal

John Picozzi - epam.com johnpicozzi

Stephen Cross-@stephencross

Authored by