cultural reviewer and dabbler in stylistic premonitions

  • 51 Posts
  • 71 Comments
Joined 4 years ago
Cake day: January 17th, 2022
  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlLinux terminal with text selectionEnglish
    1·
    19 days ago

    “But you can’t copy with Ctrl+C, it’s…” - You can. When something is selected It copies selection to clipboard, otherwise it sends SIGINT.

    What terminal emulator are you using where ctrl-c copies instead of sending SIGINT when text is selected? In every one I’ve ever used, ctrl-c still sends SIGINT even with text selected (and one must must use ctrl-shift-C/ctrl-shift-V to copy/paste).

    I don’t have any suggestion for getting the behavior you’re asking for, but besides the normal ctrl-(shift)-C/V clipboard FYI you also have two other types of clipboard-like things: one which works anywhere (not only in the terminal) and is actually always automatically copying anything you select and lets you paste from it with middle click (this originated with X Windows but i think most Wayland compositors have also implemented it by now), and another which is found in GNU Readline (used by bash and numerous other REPLs) called the “kill buffer” which can be pasted (or “yanked”) from and cut (or “killed”) to using Emacs keyboard shortcuts (which also include various cursor movement controls).

    Notes:

    • the kill buffer is local to a given readline context, it’s not shared across different shell windows.
    • the list of emacs keybindings in that wikipedia article i linked is currently confusingly referring to the kill buffer as “the clipboard”
    • you can drastically reconfigure your readline keybindings and other behavior by editing your .inputrc file, but you cannot achieve what you were originally asking for because there is no concept of text selection in readline.

    HTH!

  • Arthur Besse@lemmy.mltoEurope@feddit.orgIg Nobel prize for study showing that drunk Germans speak Dutch better than sober onesEnglish
    7·
    2 months ago

    Here is the paper: Dutch courage? Effects of acute alcohol consumption on self-ratings and observer ratings of foreign language skills (sci-hub pdf link).

    It was published in 2017 but only won the Ig Nobel prize this year.

    Abstract

    Aims: A popular belief is that alcohol improves the ability to speak in a foreign language. The effect of acute alcohol consumption on perceived foreign language performance and actual foreign language performance in foreign language learners has not been investigated. The aim of the current study was to test the effects of acute alcohol consumption on self-rated and observer-rated verbal foreign language performance in participants who have recently learned this language.

    Methods: Fifty native German speakers who had recently learned Dutch were randomized to receive either a low dose of alcohol or a control beverage that contained no alcohol. Following the experimental manipulation, participants took part in a standardized discussion in Dutch with a blinded experimenter. The discussion was audio-recorded and foreign language skills were subsequently rated by two native Dutch speakers who were blind to the experimental condition (observer-rating). Participants also rated their own individual Dutch language skills during the discussion (self-rating).

    Results: Participants who consumed alcohol had significantly better observer-ratings for their Dutch language, specifically better pronunciation, compared with those who did not consume alcohol. However, alcohol had no effect on self-ratings of Dutch language skills.

    Conclusions: Acute alcohol consumption may have beneficial effects on the pronunciation of a foreign language in people who have recently learned that language.

  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlA good e-mail client for linux?English
    3·
    8 months ago

    still of Obi-wan Kenobi in Star Wars with subtitle "Now, that's a name I've not heard in a long time. A long time."

    At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.

    I used to use it long ago, and was pretty happy with it.

    But looking closer now, what is going on with security there?! Sorry to be the bearer of probably bad news, but... 😬

    The only three CVEs in their changelog are from 2007, 2010, and 2014, and none are specific to claws.

    Does that mean they haven’t had any exploitable bugs? That seems extremely unlikely for a program written in C with the complexity that being an email client requires.

    All of the recent changelog entries which sound like possibly-security-relevant bugs have seven-digit numbers prefixed with “CID”, whereas the other bugs have four-digit bug numbers corresponding to entries in their bugzilla.

    After a few minutes of searching, I have failed to figure out what “CID” means, or indeed to find any reference to these numbers outside of claws commit messages and release announcements. In any case, from the types of bugs which have these numbers instead of bugzilla entries, it seems to be the designation they are using for security bugs.

    The effect of failing to register CVEs and issue security advisories is that downstream distributors of claws (such as the Linux distributions which the project’s website recommends installing it from) do not patch these issues.

    For instance, claws is included in Debian stable and three currently-supported LTS releases of Ubuntu - which are places where users could be receiving security updates if the project registered CVEs, but are not since they don’t.

    Even if you get claws from a rolling release distro, or build the latest release yourself, it looks like you’d still be lagging substantially on likely-security-relevant updates: there have actually been numerous commits containing CID numbers in the month since the last release.

    If the claws developers happen to read this: thanks for writing free software, but: please update your FAQ to explain these CID numbers, and start issuing security advisories and/or registering CVEs when appropriate so that your distributors will ship security updates to your users!

  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlroot (or sudo) access delay instead of passwordEnglish
    13·
    8 months ago

    sure. first, configure sudo to be passwordless, or perhaps just to stay unlocked for longer (it’s easy to find instructions for how to do that).

    then, put this in your ~/.bashrc:

    alias sudo='echo -n "are you sure? "; for i in $(seq 5); do echo -n "$((6 - $i)) "; sleep 1; done && echo && /usr/bin/sudo '

    Now “sudo” will give you a 5 second countdown (during which you can hit ctrl-c if you change your mind) before running whatever command you ask it to.

  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlSupply Chain Vulnerabilities found and fixed in Fedora's Pagure and openSUSE's Open Build ServiceEnglish
    51·
    8 months ago

    Nice post, but your title is misleading: the blog post is actually titled “Supply Chain Attacks on Linux distributions - Overview” - the word “attacks” as used here is a synonym for “vulnerabilities”. It is not completely clear from their title if this is going to be a post about vulnerabilities being discovered, or about them actually being exploited maliciously, but the latter is at least not strongly implied.

    This lemmy post however is titled (currently, hopefully OP will retitle it after this comment) “Supply Chain Attack found in Fedora’s Pagure and openSUSE’s Open Build Service”. edit: @OP thanks for changing the title!

    Adding the word “found” (and making “Attack” singular) changes the meaning: this title strongly implies that a malicious party has actually been detected performing a supply chain attack for real - which is not what this post is saying at all. (It does actually discuss some previous real-world attacks first, but it is not about finding those; the new findings in this post are vulnerabilities which were never attacked for real.)

    I recommend using the original post title (minus its “Overview” suffix) or keeping your more verbose title but changing the word “Attack” to “Vulnerabilities” to make it clearer.

    TLDR: These security researchers went looking for supply chain vulnerabilities, and found several bugs in two different systems. After responsibly disclosing them, they did these (very nice and accessible, btw - i recommend reading them) writeups about two of the bugs. The two they wrote up are similar in that they both involve going from being able to inject command line arguments, to being able to write to a file, to being able to execute arbitrary code (in a context which would allow attackers to perform supply chain attacks on any software distributed via the targeted infrastructure).

  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlGIMP 3.0.0 taggedEnglish
    14·
    8 months ago

    Could anybody in short explain, what I have to understand from “it’s tagged”?

    Git is the most popular version control system, which lets developers track changes to software source code. A “tag” applies a name (or version number) to a specific point in the history.

    The commit shows that there was a longer with 3.0.0 tag before and now its just 3.0.0

    The link goes to a commit which is tagged GIMP_3_0_0, and shows the change made in this commit. This commit happens to change the version line in a file called meson.build - this file configures Meson, which is used to build GIMP. The version is being changed from 3.0.0-RC3+git to 3.0.0. The string “RC3” in the previous version number is short for “release candidate 3”, and “git” here means that there were additional changes since “release candidate 3” was released.

    What does that tell us? :D

    So far the news and downloads pages still haven’t been updated, but the version being changed to 3.0.0 and this commit being tagged tells us that GIMP 3.0.0 is about to be released: official binaries and an announcement about it can be expected to appear very soon.

    The tag means no more changes will be included in 3.0.0; if some show-stopping bug were discovered now, the version number would be incremented to 3.0.1 rather than to include a fix in 3.0.0. (Technically, a tag can be updated/replaced, but by convention it is not.)

  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlGIMP 3.0 Release Planned for 2025-03-09English
    3·
    9 months ago

    I remember years ago reading about how the GEGL backend would one day enable some “non-destructive editing” features; I just decided to figure out how that works and I see it was sort-of implemented a long time ago but in 3.0 the UI is much better: many things under the Filter menu now have a Merge filter checkbox in their dialog. When that box is unchecked, then applying the filter will make it a (non-destructive!) layer effect and an fx icon will appear for the layer (in the dockable layers dialog, which you can reach with ctrl-L if it isn’t visible). You can apply any number of layer effects, and when you click the fx icon you can reorder them or modify their settings. Very cool!

    Another tip (not new to 3.0): you can type / to open the Search actions window, which lets you quickly find various functionality without needing to dig through menus to figure out where something is :)

    If you want to try a 3.0 release candidate before it is released, it’s easy to install it from the flathub-beta repo as described here. (That page is embarrassingly out of date and says “The current development release of GIMP is 2.99.6 (2021-04-26)” but if you follow the instructions there you’ll currently get version 3.0.0~rc3 which is the latest release candidate from earlier this month.)

Moderates