HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thefr0g

no profile record

comments

thefr0g
·5 lat temu·discuss
He probably meant https://gitea.io ;)
thefr0g
·5 lat temu·discuss
> GH should really be considered a potential single point of failure now.

now…
thefr0g
·5 lat temu·discuss
> Yes, it is a VST plugin

Shouldn't that be the easiest way to distribute audio software for linux? It's just a static shared library and maybe some data.

> This is the first time I'm reading of Pipewire, and it sounds promising, but will need to have host support before it becomes a reasonable VST / LADSPA replacement.

I'm pretty sure they didn't mention pipewire as a replacement for vst or lv2 (or ladspa lol). It's benefit would be for your standalone since it supports alsa, jack and pulseaudio clients and can get decent latency.
thefr0g
·5 lat temu·discuss
> The only part that "only works on Windows" is the RDP client.

Ah ok, I thought they have an X server running under windows, but apparently not. (Was that in some previous version? I remember reading that.)

> so presumably the FreeRDP client would be just fine on Linux.

Memory sharing would need support by the hypervisor I guess, that probably means hacking FreeRDP, rdp-wayland-backend and the hypervisor :\
thefr0g
·5 lat temu·discuss
I didn't know virtio_wl, it looks pretty neat. WSLg doesn't seem to have too much focus on sandboxing and only works on windows :(
thefr0g
·5 lat temu·discuss
> x11docker is just a (very convenient) security layer for containers which need to expose graphics (and possibly webcam, audio, networking, clipboard, printers...). Kata Containers are just "micro VMs" where you spin up a separate kernel to drop the container into.

Yeah, thats what I meant, you can just use kvm and your gui/audio/etc. stuff directly instead of having all the unnessecary complexity and dependency those layers bring along.

> Bubblewrap is okay if you trust your kernel

Thats why I proposed it for when you don't need virtualisation. You can ofc also use it in a VM to further restrict processes.
thefr0g
·5 lat temu·discuss
> Another approach might be x11docker [5] with Kata Containers [6].

Why all the complexity? Just qemu/kvm and xpra, waypipe, whatever would be way simpler and in turn have way smaller of an attack surface. Same if you don't need virtualisation, just use bubblewrap instead of docker etc. It will even give you more fine grained control and you can just use your distributions package manager to keep everything up to date.
thefr0g
·5 lat temu·discuss
> Only over X11 network protocol?

If you read the examples you'll see that they mount /tmp/.X11-unix in the container, thats where the X-Sessions Unix domain socket is. You can do the same for pulseaudio. But you shouldn't. Use Wayland and Pipewire if you are actually interested in using this as a security measure, since they are built for sandboxing.

> I thought modern browsers would need /dev/dri/?

They only need it for hw-acceleration. You can also give the container access to it if you need that.
thefr0g
·5 lat temu·discuss
So you got what he meant to say?
thefr0g
·5 lat temu·discuss
> I wonder what the next Crypto AG (CIA front) will be

NSA: VPN and "secure" webmail providers

CIA: They don't need fronts anymore, they have CISCO, Juniper, Netgear, etc.
thefr0g
·5 lat temu·discuss
Question to all software architects: At which point do you decide to implement a DSL?

Also I see nothing wrong with this except for the hungarian PascalCase…
thefr0g
·5 lat temu·discuss
> What is to stop someone who MITM's the artist's webpage from selling NFTs on their behalf?

I guess anti-fraud laws… Also, to my disappointment, someone already got banksy.io :D
thefr0g
·5 lat temu·discuss
You can easily double the price. I'd limit the amount of support/feature requests that includes so heavy users will have to pay more :D
thefr0g
·5 lat temu·discuss
> What do you HN think about the licensing?

My immediate thought when I read your post was GPL or GTFO, so I guess it's fine ;)
thefr0g
·5 lat temu·discuss
> On a rooted phone the local database copy could be fiddled with I guess

If you depend on users (attackers) not being able to modify their software or environment and poke around at each and every bit of your (publicly accessible) interfaces you are doing something awfully wrong!

> but the user needs to be authenticated to upload a database

Is registration for your service limited to a fixed amount of trustworthy people? Otherwise this isn't an obstacle.

> the lambda that extracts the data is sandboxed to access only what it needs

Using a simple serialisation format would be orders of magnitudes safer (and simpler)

> Unless there is some way to introduce a malicious side effect to a select statement in sqlite?

See all the links posted here already
thefr0g
·5 lat temu·discuss
> By contrast, the U.S. killed Taiwan's nuclear program the moment it was discovered

Why don't they start with their own?
thefr0g
·5 lat temu·discuss
> Worse, focusing on the computer consumption may push web developers to just move computations to the server side, where the energy consumption is not measured.

Server side energy consumption is directly measured by how much money it costs to run the servers. The only reason web devs waste client processing power like there is no tomorrow is that it doesn't cost anything.
thefr0g
·5 lat temu·discuss
Has anyone here used scripting languages on a microcontroller? And if so why? For user-scripting? I can't really think of another practical use case but there are multiple implementations of pretty high-level languages out there so someone must be using them.

You'd have to build some hardware abstraction to use with the scripting language anyways at which point you could just use the language you wrote the abstraction in imo. Is it so you can have inexperienced (cheaper?) devs do the maintainence? For all the embedded projects I worked on the high level program logic wasn't the thing that took the most effort.
thefr0g
·5 lat temu·discuss
Ardour is really great for recording and mixing. For a more "contemporary" workflow you might want to try zrythm¹, it's getting better and better. (I still use Bitwig though…) If you exclusively make electronic music you could also look into LMMS², it's more of an electronic-music-toy than an actual DAW but thats not necessarily a bad thing.

¹ https://www.zrythm.org/en/explore.html ² https://lmms.io/
thefr0g
·5 lat temu·discuss
> we still don't have form and CB auto completion

Yes please save all of your personal and payment information in your browser, I don't see how that could be a bad idea.