| XZ Backdoor symbol deobfuscation. Updated as i make progress |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| // ==UserScript== | |
| // @name GitHub: remove `?tab=readme-ov-file` from URL | |
| // @description GitHub: remove `?tab=readme-ov-file` from URL | |
| // @namespace https://gist.github.com/vogler | |
| // @downloadURL https://gist.github.com/vogler/74edff6de37c3a13eeff8c99c6bed910/raw/clean-url-readme-tab.github.com.tamper.js | |
| // @version 0.1 | |
| // @author Ralf Vogler | |
| // @match https://github.com/* | |
| // @icon https://www.google.com/s2/favicons?sz=64&domain=github.com | |
| // @grant none |
| """ | |
| MIT License | |
| Copyright (c) 2023 David Buchanan | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| copies of the Software, and to permit persons to whom the Software is |
| #! /bin/sh | |
| # the metadata only contains the name of the default sink | |
| default_sink_name=$(pw-metadata 0 'default.audio.sink' | grep 'value' | sed "s/.* value:'//;s/' type:.*$//;" | jq .name) | |
| default_sink_id=$(pw-dump Node Device | jq '.[].info.props|select(."node.name" == '" $default_sink_name "') | ."object.id"') | |
| current_volume=$(pw-cli enum-params "$default_sink_id" 'Props' | grep -A 2 'Spa:Pod:Object:Param:Props:channelVolumes' | awk '/Float / {gsub(/.*Float\s/," "); print $1^(1/3) }') | |
| change="${1:-0.1}" # defaults to increment of 0.1 | |
| new_volume=$(echo "$current_volume $change" | awk '{printf "%f", $1 + $2}') | |
| # we need to reconvert to cubic root | |
| #new_volume_cube=$(echo "$new_volume" | awk '{ print $1^3 }') |
The user experience of Python on a minimal Debian or Ubuntu installation is bad. Core features like virtual environments, pip bootstrapping, and the ssl module are either missing or do not work like designed and documented. Some Python core developers including me are worried and consider Debian/Ubuntu's packaging harmful for Python's reputation and branding. Users don't get what they expect.
The problems can be easily reproduced with official Debian and Ubuntu containers in Docker or Podman. Debian Stable (Debian 10 Buster) comes with Python 3.7.3. Ubuntu Focal (20.04 LTS) has Python 3.8.5.
Hence, if you are interested in existing applications to "just work" without the need for adjustments, then you may be better off avoiding Wayland.
Wayland solves no issues I have but breaks almost everything I need. Even the most basic, most simple things (like xkill) - in this case with no obvious replacement. And usually it stays broken, because the Wayland folks mostly seem to care about Automotive, Gnome, maybe KDE - and alienating everyone else (e.g., people using just an X11 window manager or something like GNUstep) in the process.
Wayland proponents make it seem like Wayland is "the successor" of Xorg, when in fact it is not. It is merely an incompatible alternative, and not even one that has (nor wants to have) feature parity (missing features). And unlike X11 (the X Window System), Wayland protocol designers actively avoid the concept of "windows" (making up incompr
| -- awesomewm fancy_taglist: a taglist that contains a tasklist for each tag. | |
| -- Usage: | |
| -- 1. Save as "fancy_taglist.lua" in ~/.config/awesome | |
| -- 2. Add a fancy_taglist for every screen: | |
| -- awful.screen.connect_for_each_screen(function(s) | |
| -- ... | |
| -- local fancy_taglist = require("fancy_taglist") | |
| -- s.mytaglist = fancy_taglist.new({ | |
| -- screen = s, |
