Here’s a poster with a super short description of each one to help you keep track and find some new useful Linux tools.

So pm2 (a node process manager package on npm) just caused thousands of CI builds to fail because of an "optionalDependency" on a package called gkt which is requested as a tarball from a server that was returning 503. That package consists of one file which contains this

Lightboard - Super (Simple) tool for making hand written tutorial videos

"The Lightboard is a glass chalkboard pumped full of light. It's for recording video lecture topics. You face toward your viewers, and your writing glows in front of you. "

Lightboard is Open Source Hardware.

http://lightboard.info

Just saw an upwork offer.
The client wants the dev to put all pages into one page.
"That sounds easy" I thought.
But it turns out that the total amount of pages to put into a single page is 904625697166532776746648320380374280100293470930272690489102837043110636675.
HOLY CRAP! EVEN IF I PUT THAT MASSIVE BLOCK INTO A SINGLE PAGE, YOU WOULD NOT BE ABLE TO OPEN IT! THERE IS NO SUCH POWERFUL MACHINE OR EVEN A SOFTWARE THAT CAN MANAGE TO OPEN IT!

This had to be posted!

Fuck all those shitdesigns that interface with their LCD using flat graphite cables!
USE FUCKING COPPER WIRES ALREADY!!! At least those things can take a small fucking tug of gravity during disassembly, unlike that micron-thick graphite junk which fractures even more easily than my goddamn toe did!!!

And as mentioned on Hackaday (https://hackaday.com/2012/09/...), repairing it is hell. How much does it cost to make a decent copper wire.. I can buy those things for like 20 cents from AliExpress, so don't tell me motherfuckturer that you can't. And these copper ribbon wires last on ya, AND can be repaired with a simple soldering job. Unlike this FUCKING GARBAGE!!!

I installed ArchLinux on my smartphone thanks to termux, and now i kinda feel like a god, but don't know what to do.
I'm bored.

Twitter: Julia Evans @b0rk

1. Buy boxes of orange juice, almost past their expiry date.
2. Put boxes on the hot office windowsill for a few weeks.
3. Cool down juice in fridge.
4. "Hey dear coworker, would you like a refreshing juice box on this hot spring day?"
5. Watch coworker retch and vomit, spitting blue-grayish juice over his desk, crying: "Why would you give me old moldy juice without checking the date?"
6. "Do you remember when you told me you didn't have time for unit tests? THIS IS WHAT HAPPENS, DAVE, THIS IS WHAT FUCKING HAPPENS WHEN YOU DEPLOY UNTESTED CODE.... NOW FINISH YOUR JUICE!"

** The most hilarious authentication implementation I've ever seen **

They stored password in cleartext, but never mind, this is sadly quite common.
For some reasons credentials were also case insensitive (maybe to avoid silly tickets from CAPS LOCK lovers?).

Then I had a look to the query executed during the login:
SELECT * FROM users WHERE username LIKE ? AND password LIKE ?;

So I tried logging in with user "admin" and password "%"... and it worked!
I laughed all the day.

Boss: "I don't want to comply with the GDPR"

Me, DPO: "I've told you the house rules. You must comply, stop arguing"

Boss: "But I don't want it. Bobby doesn't have to, and Eve doesn't have to, their moms are cool"

Me: "I don't give a crap about the other kids, you're going to be GDPR compliant. Bob and Eve will end up being raped in prison. It's that what you want?"

Boss: "What if I just pretend to do it."

Me: "I'll take away all your marketing toys. No more mailchimp for you young man."

Boss, crying: "You wouldn't touch my Facebook pixel!"

Me: "Especially your Facebook pixel. I'm so sick of that thing...."

Me: "...Look, you can still play with your toys, all I'm saying is you need to be honest and ask your buddies for consent before you put your pixels up their various holes"

Boss: "But they will never agree!"

Me: "Maybe that is good thing"

Boss: "But how will we get people to like us if I can't feed them pills and insert probes into their holes to measure their responses?"

Me: "Maybe you should focus on being a nice kid, someone people like to play with. Your buddies will tell other kids that you're a nice guy. Now, I'm not going to lie to you, it will be hard work. Much more effort than what you're doing now. But you know, those friends will stick with you for decades, instead of just until the marketing-drugs wear off"

Boss: "I think I want a new mom"

Me: "You signed a contract. You're stuck with me for the next 2 years. And as long as you're living under my roof, you will follow my rules."

1. Humans perform best if they have ownership over a slice of responsibility. Find roles and positions within the company which give you energy. Being "just another intern/junior" is unacceptable, you must strive to be head of photography, chief of data security, master of updating packages, whatever makes you want to jump out of bed in the morning. Management has only one metric to perform on, only one right to exist: Coaching people to find their optimal role. Productivity and growth will inevitably emerge if you do what you love. — Boss at current company

2. Don't jump to the newest technology just because it's popular or shiny. Don't cling to old technology just because it's proven. — Team lead at the Arianespace contractor I worked for.

4. "Developing a product you wouldn't like to use as an end user, is unsustainable. You can try to convince yourself and others that cancer is great for weight loss, but you're still gonna die if you don't try to cure it. You can keep ignoring the disease here to fill your wallet for a while, but it's worse for your health than smoking a pack of cigs a day." — my team supervisor, heavy smoker, and possibly the only sane person at Microsoft.

5. Never trust documentation, never trust comments, never trust untested code, never trust tests, never trust commit messages, never trust bug reports, never trust numbered lists or graphs without clearly labeled axes. You never know what is missing from them, what was redacted away. — Coworker at current company.

Why not have a game of DevSecOpoly? Doing DevOps and Security right!

Haha am Eager to see this.

Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:

ping 1.1

This parses as 1.0.0.1, which thanks to Cloudflare, is now the IP address of an Internet-facing machine which responds to ICMP pings.

Oh, you can also use this trick to parse 10.0.0.x from `10.x` or 127.0.0.1 from `127.1`. It's just like IPv6's :: notation, except less explicit.

!rant
The more I learn about advanced C++ the more I love this language. C++'s template system is so insanely cool!
Just made a proof of concept expression templates based linear algebra library for my own projects. It was actually a lot of fun to make, and seeing it spit out optimized, loop-fused code with no temporary variables...magic.
Long live C++.

Holy fucking shit are email clients bullshit.
I don't know what happened there but if you thought the chrome-firefox-ie-egde gaps back in the days were sick - let me tell you.. email clients are made by the devil himself. All of them. All of them? Yup. Because he made some of them being owned by apple, working beatuiful and no weird stuff.
But on the same end he made some of them owned by microsoft and their office Studios. They use the word engine to render html emails. Read this again. Read it without starting to cry in agony.
But thats not enough. Let's make some of them use an ie-engine and the mac os variants going to use some webkit based renderer. This way there will be no valid ruleset to make it look good on all of them, isn't this great??
Now this might be hell already. But lets pour more salt into these wide opened wounds.
Let there be Germany and United Internet, owning trash like Web.de and GMX, whose android clients going to work completely different across Android and app-versions!
Once you've mastered these, let me introduce you to gmail. Lets take only the body node of your email and do some fuck up with it, so you have to display a non-responsive variant on mobile.
Now you might be thinking "but there are web-based clients, they'll do good ain't they?" Long story short: fuck you.
Not enough.
Let's go back to ms.
Hey dude lets make it possible to scale up your whole system. So old people can read shit better. And now the funny part: let's make it so that the word rendering engine, rendering emails goes completely mayhem on your mail, so it looks like a completely different thing! (:

If you ever receive a newsletter in your inbox and that shit looks like it's planned to look like.. appreciate that shit. Sacrifice a virgin as thanksgiving for it.

TL;DR:
E-Mail needs to die. I'm doing this for over 2 years now and this shit needs to stop asap.

Not. even. once

git add .idea/

!rant I guess. Its coffee on a chip. Just spend 3h making this board to be implemented in my coffee machine. Just to wake up with the smell of coffee. The board is 2.9 by 3.2 cm

So it's been a while since I've posted as my first few months at the new job have been amazing. But now I'm running into issues with a team member that I need to get off my chest.

So my new job is front end development in React. I'm brand new to it but I was promised time to learn on the job. On my first day the team member I'm now having a conflict with offered me help. He's the most experienced so I gladly took it.

But now several months in I've noticed his teaching style doesn't work for me. He'll go into long theoretical explanations whenever I ask a question and I get overwhelmed with info. And he gets frustrated with my inability to process all that, because he feels I waste his time. So frustrated that at one time he just walked out of work and drove home, which was really upsetting to everyone.

My direct manager and my mentor in the company (our software architect), as well as our scrum master (a consultant) are all aware of the conflict. I've been assigned another colleague to help me out. Things were going ok but he got sick so I had to turn back to the team member with the conflict for assistance. Of course frustrations arose again.

Now yesterday during our sprint planning meeting we had to say what we liked and didn't like about the past sprint. And I brought up I feel I need time for learning and that I don't know where to put that, since we don't have a task for it. I said I also felt past approaches weren't working out and that I'd like to take up the offer to go on training. I was trying to word it very neutral to not upset my colleagues, as they tried their best. But the colleague who I had previous conflicts with took it personal and accused me of not listening and that is why my code is awful. While all I've been doing is rely on his code to learn. Long story short it got very heated and direct manager and scrum master who were present had to shut it down.

I'm thinking of talking to my manager and mentor today. It really hurts when you're accused of maliciousness when all you did was try. I know my code isn't perfect. But I get no help in improving it beyond long winded explanations about theory. If I ask for practical help he says he won't write my code for me. Which isn't what I expect. When I say I followed his example he says I shouldn't copy. But two sentences later he says if I don't know what I am doing I should listen to him. It's really very confused and demotivating as a beginner, but he makes it about how I waste his time and ruin his job for him. I understand he tries his best and that it has to be hard when someone seemingly is as dumb as a bag of bricks. But my manager and mentor told me they support me as long as I continue to show improvement. So I asked for alternatives (training, time to study, or whatever I haven't thought of) and now I feel like the bad person. I'm already someone with crippling low self esteem, and I'm thrown into the deep end. It kinda sucks when someone then tells you from the sideline you can't swim and how swimming works. How about tossing me one of those floaty things and then maybe accept I need to hold on to that for a bit and my technique will need work until I can make it on my own? :(

Really love the autosuggestion feature in fish shell. I was a long time zsh user. The autosuggestion feature made me switch permanently.
Why haven't we met before, fish?

If no one has seen this yet, this online read is worth it.

https://sourcemaking.com/

I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.

Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.

He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.

I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.

I included a card:

"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"

Just make up your mind hacker news :

Need Help!

Recommend me a few great video editor on linux, thanks

The Linux kernel team working on the Intel bug considered naming their fix:

Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT.

😂😂😂

For the privacy conscious people under us, take a look at the search engine searx.me.

'but I don't believe it respects privacy when it's not open sour.... ' - it's entirely open source.

You can even install it on your own server!

Okay, this is a rather technical rant and I am sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.

So here it goes:

As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.

1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.

In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.

2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.

3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).

4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).

5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.

6. For gamers: this is not going to affect games (because those are not I/O heavy)

Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.

Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.

For updates refer the kernel tree: https://git.kernel.org/…/ke…/...

For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...

~Cheers~

(Originally written by Adhokshaj Mishra, edited by me. )

Design and make an easily repairable laptop so I can graduate.

Figure out how to use blender for 3d modelling

Move the majority of software use to open sourced software.

Are you finding a new job? take care of this.