@movq@www.uninformativ.de it is.
setpriv on Linux supports Landlock.
@movq@www.uninformativ.de That’s really cool! I wanted to experiment with Landlock in tt as well. But other than just thinking about it, nothing really happened.
Depending on the available Landlock ABI version your kernel supports, you might even restrict connect(…) calls to ports 80, 443 and maybe whatever else has been configured in the subscription list.
A mate visited me and we went on a few hours long hike. We came across a mythical creature in its natural habitat:
@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.
I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.
jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.
(And this is finally a strong argument for static linking.)
Looks like there’s something wrong with Markdown parsing. The original twt looks like this:
>This extension was turned off because it is no longer supported
Thanks Google.
This browser was uninstalled because it absolutely sucks!
So only the first line should be a quote.
This extension was turned off because it is no longer supported
Thanks Google.
This browser was uninstalled because it absolutely sucks!
Landlock is still young and a bit unpolished, but it’s slowly getting more popular. 🥳
Another example:
$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom
The first argument --landlock-access fs says that nothing is allowed.
--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).
--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.
The output of the ls-static program is this line:
βrwβrββrββββx 3000 200 07-12 09:19 22'491 β /tmp/tmp/xorg.atom
It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.
3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.
Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:
βrwβrββrββββx cathy 200 07-12 09:19 22'491 β /tmp/tmp/xorg.atom
PSA: setpriv on Linux supports Landlock.
If this twt goes through, then restricting the filesystem so that jenny can only write to ~/Mail/twt, ~/www/twtxt.txt, ~/.jenny-cache, and /tmp works.
st tries not to redraw immediately after new data arrives:
https://git.suckless.org/st/file/x.c.html#l1984
The exact timings are configurable.
This is the PR that changed the timing in VTE recently (2023):
https://gitlab.gnome.org/GNOME/vte/-/issues/2678
There is a long discussion. It’s not a trivial problem, especially not in the context of GTK and multiple competing terminal widgets. st dodges all these issues (for various reasons).
Something happened with the frame rate of terminal emulators lately. It looks like there’s a trend to run at a high framerate now? I’m not sure exactly. This can be seen in VTE-based terminals like my xiate or XTerm on Wayland. foot and st, on the other hand, are fine.
My shell prompt and cursor look like this:
$ █
When I keep Enter pressed, I expect to see several lines like so:
$
$
$
$
$
$
$ █
With the affected terminal emulators, the lines actually show up in the following sequence. First, we have the original line:
$ █
Pressing Enter yields this as the next frame:
$
█
And then eventually this:
$
$ █
In other words, you can see the cursor jumping around very quickly, all the time.
Another example: Vim actually shows which key you just pressed in the bottom right corner. Keeping j pressed to scroll through a file means I get to see a j flashing rapidly now.
(I have no idea yet, why exactly XTerm in X11 is fine but flickering in Wayland.)
The WM_CLASS Property is used on X11 to assign rules to certain windows, e.g. “this is a GIMP window, it should appear on workspace number 16.” It consists of two fields, name and class.
Wayland (or rather, the XDG shell protocol – core Wayland knows nothing about this) only has a single field called app_id.
When you run X11 programs under Wayland, you use XWayland, which is baked into most compositors. Then you have to deal with all three fields.
Some compositors map name to app_id, others map class to app_id, and even others directly expose the original name and class.
Apparently, there is no consensus.
@iolfree@tilde.club Oh dear! All the best to this feller. I wouldn’t want to trade places with him.
@lyse@lyse.isobeef.org Haha 🤣
We covered quite some ground in the two and a half hours today. The weather was nice, mostly cloudy and just 23°C. That’s also why we decided to take a longer tour. We saw four deer in the wild, three of which I managed to just ban on film, quality could be better, though. My camera produced a hell lot of defocused photos this time. Not sure what’s going on with the autofocus. https://lyse.isobeef.org/waldspaziergang-2025-07-10/
When the sun came out, colors were just beautiful:
@prologic@twtxt.net @bender@twtxt.net That’s what I thought as well, sounds way too expensive to me. But I have no idea what the prices are over here. Probably also astronomical. Campers sit around most of the time, one really would need to use them a lot to justify spending so much money on them.
But yeah, each to their own (expensive) hobbies. :-) I, for example, burn my money on tools that I don’t really™ need. :-P
@bender@twtxt.net An older Firefox on Debian.
@prologic@twtxt.net well, the ones down there (on your list) are pretty minimal, basic even. Yet, their pricing is super high (number wise, haven’t checked the equivalent from AUD to USD).
@bender@twtxt.net are they really though when you factor in the weaker AUD?
Those campers are so expensive! For comparison: https://www.rvtrader.com/Orlando/rvs-for-sale?city=orlando&state=Florida%7CFL
Been spending a lot of time researching campers as I want to / plan to upgrade our current Camper Trailer (forward fold) Stoney Creek XL-FF6 to a slightly larger Hybrid Camper/Caravan with ensuite, internal kitchenette, external full kitchen, pop-top roof and twin bunks.
This is the summary and whittling down of my research so far: https://wiki.mills.io/s/1103bc9c-dd75-4a98-b64b-8dadc5b0e51f/doc/comparision-Ln03Moiibq
@lyse@lyse.isobeef.org which browser do you use? Chrome, Edge, and Firefox, under Ubuntu, all show it fine.
@movq@www.uninformativ.de This one is too bleeding edge for me, not even my browser can render it.
Yeah, little fellow. I also just want to walk away. https://movq.de/v/bef8c35f01/ach.mp4
“🫩” is my new favorite emoji.
@kat@yarn.girlonthemoon.xyz I dislike him big time. It was a sad day when Tumblr fell into his hands.
@lyse@lyse.isobeef.org Yeah, if there’s no stable API, then it’s not a lot of fun … Bah. :|
@kat@yarn.girlonthemoon.xyz Ok
i made a new tumblr account to interact with fandom last week. while using the site today i got logged out and when i logged back in i was told my account was terminated. mullenweg will pay for this
@prologic@twtxt.net i’ll email you!
@movq@www.uninformativ.de I couldn’t agree more! It’s far from easy. I’m not free of this guilt either. But I’m hardly trying.
We got some colorful spots in the sky this evening: https://lyse.isobeef.org/abendhimmel-2025-07-08/
@movq@www.uninformativ.de I’d love to have a Python script pushing my local CSV, too. But that’s never gonna fly, not in a thousand years. I can’t imagine that ever becoming reasonably stable without having to fix everything after the reverse-engineered API changes again.
… but you can’t set SDL_VIDEODRIVER=wayland globally, because that breaks Wine again …
… okay, the SDL backend works if you also set SDL_VIDEODRIVER=wayland.
@lyse@lyse.isobeef.org dmenu is a great example.
There have been several attempts at porting dmenu from X11 to Wayland. Well, not exactly “porting” it, more like rewriting it from scratch. Turns out: It’s not that easy.
dmenu is super fast and reliable. None of the Wayland rewrites are (at least none of the popular ones that I know of). They are either bloated and/or slow.
It takes a lot of discipline and restraint to write simple software and not blow up the codebase. This is much harder than people think. It’s a form of art, really.
@lyse@lyse.isobeef.org I do my timetracking in a little Python script, locally. Every now and then, I push the data to our actual service. Problem solved – but it’s a completely unpopular approach, they all want to use the web site. I don’t get it. Then, of course, when it’s down, shit hits the fan. (Luckily, our timetracking software is neither developed nor run by us anymore. It’s a silly cloud service, but the upside is that I’m not responsible anymore. 🤷)
Some of our oldschool devs tried to roll out local timetracking once, about 15 years ago. I don’t remember anymore why they failed …
This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.
Oh to be anonymous on the internet. That must be nice.
@movq@www.uninformativ.de Yeah, luckily, there is the suckless project. I couldn’t live without dmenu!
… but the SDL backend is broken as well, albeit differently …
@movq@www.uninformativ.de Yeah, it’s a shitshow. MS overconfirms all my prejudices constantly.
Ignoring e-mail after lunch works great, though. :-)
Our timetracking is offline for over a week because of reasons. The responsible bunglers are falling by the skin of their teeth: https://lyse.isobeef.org/tmp/timetracking.png
- The error message neither includes the timeframe nor a link to an announcement article.
- The HTML page needs to download JS in order to display the fucking error message.
- Proper HTTP status codes are clearly only for big losers.
- Despite being down, heaps of resources are still fetched.
I find it really fascinating how one can screw up on so many levels. This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.
… which is probably a GTK bug.
QEMU on Wayland unusable, because it can’t grab the mouse … I’ll add it to my TODO list and investigate/report it eventually.
@movq@www.uninformativ.de This is a really good example of “simplicity” but achieves the intent and goals
(Now, I don’t know if your screen reader can work with this. Let me know if it doesn’t.)
I don’t use a screen reader fortunately (actually they’re pretty garbage). So all good (I just use full-screen zoom).
@prologic@twtxt.net Yeah, this really could use a proper definition or a “manifest”. Many of these ideas are not very wide spread. And I haven’t come across similar projects in all these years.
Let’s take the farbfeld image format as an example again. I think this captures the “spirit” quite well, because this isn’t even about code.
This is the entire farbfeld spec:
farbfeld is a lossless image format which is easy to parse, pipe and compress. It has the following format:
╔════════╤═════════════════════════════════════════════════════════╗
║ Bytes  │ Description                                             ║
╠════════╪═════════════════════════════════════════════════════════╣
║ 8      │ "farbfeld" magic value                                  ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (width)                      ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (height)                     ║
╟────────┼─────────────────────────────────────────────────────────╢
║ [2222] │ 4x16-Bit BE unsigned integers [RGBA] / pixel, row-major ║
╚════════╧═════════════════════════════════════════════════════════╝
The RGB-data should be sRGB for best interoperability and not alpha-premultiplied.
(Now, I don’t know if your screen reader can work with this. Let me know if it doesn’t.)
I think these are some of the properties worth mentioning:
- The spec is extremely short. You can read this in under a minute and fully understand it. That alone is gold.
- There are no “knobs”: It’s just a single version, it’s not like there’s also an 8-bit color depth version and one for 16-bit and one for extra large images and one that supports layers and so on. This makes it much easier to implement a fully compliant program.
- Despite being so simple, it’s useful. I’ve used it in various programs, like my window manager, my status bars, some toy programs like “tuxeyes” (an Xeyes variant), or Advent of Code.
- The format does not include compression because it doesn’t need to. Just use something like bzip2 to get file sizes similar to PNG.
- It doesn’t cover every use case under the sun, but it does cover the most important ones (imho). They have discussed using something other than RGBA and decided it’s not worth the trouble.
- They refrained from adding extra baggage like metadata. It would have needlessly complicated things.
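As an added example (not code from the farbfeld project or from the post above), here is a C parser for the format quoted in the spec that validates the magic, the big-endian dimensions and the exact payload length before any pixel is read. The names ff_parse and ff_channel, the status codes and the FF_MAX_PIXELS cap are assumptions of this example; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FF_HEADER_LEN 16u
#define FF_MAX_PIXELS (64u * 1024u * 1024u) /* assumed policy cap, not in the spec */

enum ff_status { FF_OK, FF_SHORT_HEADER, FF_BAD_MAGIC, FF_TOO_LARGE, FF_LENGTH_MISMATCH };
struct ff_image { uint32_t width, height; const uint8_t *pixels; };

/* Constructed sample: 2x1 image, opaque red, then blue with alpha 0x8000. */
static const uint8_t ff_sample[] = {
    'f','a','r','b','f','e','l','d', 0,0,0,2, 0,0,0,1,
    0xff,0xff, 0,0, 0,0, 0xff,0xff,
    0,0, 0,0, 0xff,0xff, 0x80,0x00,
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate a whole in-memory file before anything indexes into the pixel data. */
enum ff_status ff_parse(const uint8_t *buf, size_t len, struct ff_image *out) {
    if (len < FF_HEADER_LEN) return FF_SHORT_HEADER;
    if (memcmp(buf, "farbfeld", 8) != 0) return FF_BAD_MAGIC;
    uint32_t w = be32(buf + 8), h = be32(buf + 12);
    uint64_t npix = (uint64_t)w * h;   /* two 32-bit values cannot overflow 64 bits */
    if (npix > FF_MAX_PIXELS) return FF_TOO_LARGE;   /* checked before the * 8 below */
    if ((uint64_t)(len - FF_HEADER_LEN) != npix * 8) return FF_LENGTH_MISMATCH;
    out->width = w; out->height = h; out->pixels = buf + FF_HEADER_LEN;
    return FF_OK;
}

/* Channel ch (0=R, 1=G, 2=B, 3=A) of pixel (x, y), or -1 if out of range. */
int ff_channel(const struct ff_image *img, uint32_t x, uint32_t y, unsigned ch) {
    if (x >= img->width || y >= img->height || ch > 3) return -1;
    const uint8_t *p = img->pixels + (((size_t)y * img->width + x) * 4 + ch) * 2;
    return (p[0] << 8) | p[1];
}

int main(void) {
    struct ff_image img;
    if (ff_parse(ff_sample, sizeof ff_sample, &img) != FF_OK) return 1;
    printf("%ux%u, first pixel R=%d A=%d\n", (unsigned)img.width, (unsigned)img.height,
           ff_channel(&img, 0, 0, 0), ff_channel(&img, 0, 0, 3));
    return 0;
}
```

Because the format has no knobs, the only attacker-controlled values are the two dimensions, so the whole validation reduces to one overflow-safe size comparison.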
@lyse@lyse.isobeef.org Nice shot!
For example, I reckon software should treat stdout and stderr with care and never output logs or other such garbage to stdout that cannot possibly be useful in a UNIX pipeline