LWDW: Kneecapped Linux

By Venn Stone Feb 28, 2018 / No Comments

NPM explodes! Canonical wants you to opt-in, Wayland needs documentation and where is XFCE 4.14? All this plus your emails.

Special thanks:
Michael Mc.E (latest patreon)

Subscribe:

Linux Weekly Daily Wednesday
Linux Weekly Daily Wednesday
LinuxGameCast LLP

A weekly dose of all thing Linux and open source with a slice of Pi for good measure.

Apple PodcastsSpotifyAmazon MusicAndroidPandoraPodcast Indexby EmailTuneInRSS

Listen:

Download:

Subscribe Spotify | Pandora | TuneIn | RSS | More

Colour key – Venn Pedro

News:

NPM == BLAM
https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/
https://github.com/npm/npm/issues/19883
https://www.reddit.com/r/programming/comments/7zfbi0/npm_v570_critical_bug_destroys_linux_servers/dunqy1w/

  • V5.7.0 either crashes the system, various local apps, or prevents the system from booting.
  • Dude on Reddit noticed some wackiness and opened a pull request.
  • It was ignored but that’s the norm for outside pull requests.
  • The issue is that if you run NPM with sudo, like say you would if you were deploying it to a server for use by several people, it messed with /usr and /boot permissions.
  • I think we all know what happens when you mess with the permissions of system-wide folders.
  • <Le>I’ve had a look at the pull request that was supposed to fix the issue. Deleting whole chunks of code and changing a tool’s behavior is NEVER going to get approved, the guy noticed something weird (that could have been easily fix with a small patch) and went on and removed the whole sudo related code from the project.
  • THIS is an example of how the Node community is immature. No experienced developer would send a PR like that.</Le>
  • 1. Don’t test in production, kids (yes, deploying something that has just been released == testing in production)
  • 2. Developers, if you are going to ignore pull requests make sure you don’t do something as boneheaded as this.

 

Lappy refresh
https://puri.sm/posts/tpm-by-default-and-free-international-shipping/

  • Purism announced that it has successfully integrated Trammel Hudson’s Heads security firmware into its Trusted Platform Module (TPM)-equipped Librem laptops.
  • Heads is an open-source computer firmware and configuration tool that aims to provide better physical security and data protection.
  • They also now offer free international shipping.
  • Which means people ordering from all over can get their purism laptops for slightly cheaper.

 

Opt-in Upgrade
https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040190.html

  • It’s a start.
  • If you are upgrading Canonical will ask permission before collecting your data.

 

Browser alternatives
https://www.howtogeek.com/335712/update-why-you-shouldnt-use-waterfox-pale-moon-or-basilisk/

  • Ah, a list of browsers i’ve never heard of.
    • We did hear about Pale Moon last week, even if it was just because the dev went in to the BSD proposed packages git and told them to stop.
  • Moral of the story is this.
  • If you are going to use a fork make dang sure you have a valid reason and understand (for the most part) you are using a less secure product.

 

Yaba daba
https://opensource.com/article/17/10/flintos?sc_cid=70160000001273HAAQ

  • Another ChromiumOS respin to give Hexxeh a run for his money.

 

Linux on Linux
https://www.androidpolice.com/2018/02/25/chrome-os-may-soon-able-run-linux-applications-container/

  • Don’t know if i’m a fan of this.
  • Rather like the KISS mentality of Chrome OS
  • Would much rather see Android apps run on Linux with official google support than this.
    • That’s a great idea unless you are in the business of selling Chromebooks.

 

WHAR 4.14
https://fosspost.org/analysis/xfce-4-14-development-roadmap-future

  • “Xfce’s situation is a bit concerning because by the time Xfce 4.14 is out, GTK+ 4 could already be released as stable.”
    • Didn’t stop them from releasing 4.12 with barely any GTK3 support.
  • Honestly, having used Fedora 27 with XFCE for a bit, I wouldn’t mind a few of the apps which need work being replaced with something else which already does have GTK3 support.
    • Replace Squeeze with file-roller,XFBurn with Brasero, volumed with pasystray or volume-icon.
  • Not broke, don’t need fixin.
  • Ever wonder why XFCE users look at you a bit sideways when you talk about issues with your Desktop Manager?
  • It’s the Debian stable of DM’s.

 

RTFM argument defeated
https://www.reddit.com/r/linux/comments/7ze4p1/a_guy_trying_to_develop_for_wayland_it_simply/
https://lists.freedesktop.org/archives/wayland-devel/2018-February/036783.html

  • Points, dude has them.
  • I was surprised that there is no real central documentation.

Slice of Pi

Water Pi (fan of cavity searches?)
https://hackaday.io/project/21222-pipecam-low-cost-underwater-camera

  • Zero, this has a TSA acceptance factor of ZERO.
    • That’s a homemade pipe bomb!

 

Car Pi
https://www.electromaker.io/blog/article/openauto-turns-your-raspberry-pi-into-a-carputer

  • Not entirely sure how the etymological side of me feels about the the word “carputer”

Feedback

Le ARCH
https://linuxgamecast.com/bradley/?dHEEpQe

  • ARCH is a good way to learn Linux because it has a massive community behind it.
  • You know what communities foster?
  • Yeah, all the stuff that helps you learn the Linux.
  • Also, even all you’re doing is following the wiki you learn that the wiki is a good place to go to solve issues.
  • I don’t know about you, strider, but I wished the Arch Wiki was a thing back in 2005.

Related:

LWDW 349: ARC drivers on Linux and Windows 11 on ARM OBS Linux Basics: Multitrack Audio Recording LWDW 327: When DOS is Linux LWDW 358: Edubuntu is back and hacking Xfinity with Linux LWDW 314: Linux on Android 13 & OBS gets Flatpak
0 Comments

Leave Your Reply