In 1996, they came up with the X11 “SECURITY” extension:
https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/
This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.
That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.
Today, sandboxing is a thing. Today, this matters.
I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solvable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:
Why not extend the X server?
Because for the first time we have a realistic chance of not having to do that.
https://wayland.freedesktop.org/faq.html
I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.
But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.
All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)

Since Fastly acquired and recently shut down glitch.com, some of my ancient webapps are no longer available, nor do I have any plans to make them available again - all had either zero or very few monthly visits, used outdated libraries and would be a waste of money to continue hosting and updating elsewhere.
All art archives remain unaffected and all projects shut down before 2025 were already permanently deleted, but if there’s someone out there still relying on the recently discontinued projects, somehow - you can reach out and request their source code.
These requests will only be honoured until the end of this year, when we plan to permanently delete all of this data (both webapps and files only hosted on Amazon’s CDN).
Canine out °_°
Heck yeah, that’s damn cool: Reading QR codes without a computer! https://qr.blinry.org/
@lyse@lyse.isobeef.org “Advanced”, well, probably more “mature”. There aren’t a ton of crazy features and that icon thing is the largest code addition in the last 10 years. %)
Speaking of OS/2 … I just realized that Windows 3.x didn’t have icons, either. If I’m not mistaken, this only got added in Windows 95. In other words, OS/2 had this feature before Windows did, because at least OS/2 2.1 from 1993 had icons. Who would have thunk.
(Now I kind of want to know which system really introduced this feature.)
@kat@yarn.girlonthemoon.xyz NVM i stole other people’s code to make a dictionary lookup script https://bytes.4-walls.net/kat/dotfiles/src/branch/main/config/.local/bin/dict
@lyse@lyse.isobeef.org @kat@yarn.girlonthemoon.xyz I spent so much time in the past figuring out if something is a dict or a list in YAML, for example.
What are the types in this example?
```yaml
items:
  - part_no: A4786
    descrip: Water Bucket (Filled)
    price: 1.47
    quantity: 4
  - part_no: E1628
    descrip: High Heeled "Ruby" Slippers
    size: 8
    price: 133.7
    quantity: 1
```
items is a dict containing … a list of two other dicts? Right?
It is quite hard for me to grasp the structure of YAML docs. 😢
The big advantage of YAML (and JSON and TOML) is that it’s much easier to write code for those formats, than it is with XML. json.loads() and you’re done.
@movq@www.uninformativ.de Yeah, it’s a shitshow. MS overconfirms all my prejudices constantly.
Ignoring e-mail after lunch works great, though. :-)
Our timetracking has been offline for over a week because of reasons. The responsible bunglers are falling by the skin of their teeth: https://lyse.isobeef.org/tmp/timetracking.png
- The error message neither includes the timeframe nor a link to an announcement article.
- The HTML page needs to download JS in order to display the fucking error message.
- Proper HTTP status codes are clearly only for big losers.
- Despite being down, heaps of resources are still fetched.
I find it really fascinating how one can screw up on so many levels. This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.
@prologic@twtxt.net Yeah, this really could use a proper definition or a “manifest”. 😅 Many of these ideas are not very widespread. And I haven’t come across similar projects in all these years.
Let’s take the farbfeld image format as an example again. I think this captures the “spirit” quite well, because this isn’t even about code.
This is the entire farbfeld spec:
farbfeld is a lossless image format which is easy to parse, pipe and compress. It has the following format:
╔════════╤═════════════════════════════════════════════════════════╗
║ Bytes │ Description ║
╠════════╪═════════════════════════════════════════════════════════╣
║ 8 │ "farbfeld" magic value ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4 │ 32-Bit BE unsigned integer (width) ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4 │ 32-Bit BE unsigned integer (height) ║
╟────────┼─────────────────────────────────────────────────────────╢
║ [2222] │ 4x16-Bit BE unsigned integers [RGBA] / pixel, row-major ║
╚════════╧═════════════════════════════════════════════════════════╝
The RGB-data should be sRGB for best interoperability and not alpha-premultiplied.
(Now, I don’t know if your screen reader can work with this. Let me know if it doesn’t.)
I think these are some of the properties worth mentioning:
- The spec is extremely short. You can read this in under a minute and fully understand it. That alone is gold.
- There are no “knobs”: It’s just a single version, it’s not like there’s also an 8-bit color depth version and one for 16-bit and one for extra large images and one that supports layers and so on. This makes it much easier to implement a fully compliant program.
- Despite being so simple, it’s useful. I’ve used it in various programs, like my window manager, my status bars, some toy programs like “tuxeyes” (an Xeyes variant), or Advent of Code.
- The format does not include compression because it doesn’t need to. Just use something like bzip2 to get file sizes similar to PNG.
- It doesn’t cover every use case under the sun, but it does cover the most important ones (imho). They have discussed using something other than RGBA and decided it’s not worth the trouble.
- They refrained from adding extra baggage like metadata. It would have needlessly complicated things.
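A bounds-checked reader for the format in the spec quoted above, as an added example that is not part of the original post or the farbfeld project's own code. The `ff_*` names and the sample bytes are made up here, and accepting trailing bytes after the pixel data is an assumption the spec does not address.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names (ff_*): added example, not farbfeld's reference code. */
struct ff_image {
    uint32_t width, height;
    const uint8_t *pixels;      /* borrowed pointer into the input buffer */
};

/* Big-endian reads, byte by byte: no alignment or host-endianness assumptions. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 on bad magic or truncated pixel data. */
int ff_parse(const uint8_t *buf, size_t len, struct ff_image *out)
{
    if (len < 16 || memcmp(buf, "farbfeld", 8) != 0)
        return -1;
    uint32_t w = be32(buf + 8), h = be32(buf + 12);
    size_t avail = (len - 16) / 8;      /* whole 8-byte pixels present */
    /* Test w*h <= avail by division; computing w*h*8 could wrap around. */
    if (w != 0 && h > avail / w)
        return -1;
    out->width = w;
    out->height = h;
    out->pixels = buf + 16;
    return 0;
}

/* Channel c (0=R, 1=G, 2=B, 3=A) of pixel (x, y), or -1 if out of range. */
long ff_channel(const struct ff_image *img, uint32_t x, uint32_t y, int c)
{
    if (x >= img->width || y >= img->height || c < 0 || c > 3)
        return -1;
    /* Row-major index; it is < w*h, which ff_parse bounded by the buffer. */
    const uint8_t *p = img->pixels + ((size_t)y * img->width + x) * 8 + c * 2;
    return ((long)p[0] << 8) | p[1];
}

/* Constructed sample: 2x1 image, opaque red, then half-transparent blue. */
static const uint8_t ff_sample[] = {
    'f','a','r','b','f','e','l','d', 0,0,0,2, 0,0,0,1,
    0xff,0xff, 0,0, 0,0, 0xff,0xff,
    0,0, 0,0, 0xff,0xff, 0x80,0x00,
};

int main(void)
{
    struct ff_image img;
    return ff_parse(ff_sample, sizeof ff_sample, &img);
}
```

The header fields are attacker-controlled in any file that comes from outside, so the size check is the part that matters: a width and height of 0xFFFFFFFF each must be rejected without the multiplication ever being performed.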
@prologic@twtxt.net Hm, I wouldn’t say that. Go code could fall into that category as well.
Maybe this topic could use a blog post / article, that explains what it’s about. I’m finding it hard to really define what “suckless-like software” is. 🤔 (Their own philosophy focuses too much on elitism, if you ask me.)
In all fairness, GOG says that Forsaken is only supported on Ubuntu 16.04 – not current Arch Linux. If you ask me, this just goes to show that Linux is not a good platform for proprietary binary software.
Is it free software, do you have the source code? Then you’re good to go, things can be patched/updated (that can still be a lot of work). But proprietary binary blobs? Very bad idea.
It annoys me when I clone a git repository A in order to build and self-host some software, only to realize later that I also needed to clone repos B, C and D. I’m not saying that’s a bad thing–logical separation of code between, say, a client and a server is very handy–but some projects do not communicate very well when you need multiple tools to get it running independently.
I did a “lecture”/“workshop” about this at work today. 16-bit DOS, real mode. 💾 Pretty cool and the audience (devs and sysadmins) seemed quite interested. 🥳
- People used the Intel docs to figure out the instruction encodings.
- Then they wrote a little DOS program that exits with a return code and they used uhex in DOSBox to do that. Yes, we wrote a COM file manually, no Assembler involved. (Many of them had never used DOS before.)
- DEBUG from FreeDOS was used to single-step through the program, showing what it does.
- This gets tedious rather quickly, so we switched to SVED from SvarDOS for writing the rest of the program in Assembly language. nasm worked great for us.
- At the end, we switched to BIOS calls instead of DOS syscalls to demonstrate that the same binary COM file works on another OS. Also a good opportunity to talk about bootloaders a little bit.
- (I think they even understood the basics of segmentation in the end.)
The 8086 / 16-bit real-mode DOS is a great platform to explain a lot of the fundamentals without having to deal with OS semantics or executable file formats.
Now that was a lot of fun. 🥳 It’s very rare that we do something like this, sadly. I love doing this kind of low-level stuff.
Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)
@lyse@lyse.isobeef.org lol – I explicitly kept them in there so that the code is easier to understand for non-Rust people 🤪😂
Saw this on Mastodon:
https://racingbunny.com/@mookie/114718466149264471
18 rules of Software Engineering
- You will regret complexity when on-call
- Stop falling in love with your own code
- Everything is a trade-off. There’s no “best”
- Every line of code you write is a liability
- Document your decisions and designs
- Everyone hates code they didn’t write
- Don’t use unnecessary dependencies
- Coding standards prevent arguments
- Write meaningful commit messages
- Don’t ever stop learning new things
- Code reviews spread knowledge
- Always build for maintainability
- Ask for help when you’re stuck
- Fix root causes, not symptoms
- Software is never completed
- Estimates are not promises
- Ship early, iterate often
- Keep. It. Simple.
Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.
Claude Code: Game Changer or Just Hype?
Tell HN: Help restore the tax deduction for software dev in the US (Section 174)
Companies building software in the US were hit hard a few years ago when the tax code stopped allowing deduction of software dev expenses. Now they have to be amortized over several years.
HN has had many discussions about this, including The time bomb in the tax code that’s fueling mass tech layoffs - https://news.ycombinator.com/item?id=44180533 - (927 comments) a few days ago. Other thr …
GitHub for Beginners: Code review and refactoring with GitHub Copilot
Learn how to use GitHub Copilot to help review and polish your code.
What next after vibe coding
One interesting possible future of the emergence of “vibe coding” as common terminology is the possibility to position an alternative.
“Real coding”?
Future think pieces:
‘You can get yourself up and running quickly with “vibe coding” but when you get traction you’re going to want to have people doing “real coding”’
‘switching from vibe coding to real coding will typically cost you X% of your initial development, so don’t put off switching too late’
That’s the code, it’s surprisingly simple: https://movq.de/v/81dd5649be/
Assigning and completing issues with coding agent in GitHub Copilot
Have you tried the new coding agent in GitHub Copilot? Here’s how developers are using it to work more efficiently.
CodeEdit Might be the Best Free Code Editor for Mac
CodeEdit is an increasingly popular, free, open source native code editor for Mac that offers a super lightweight and speedy alternative to other code editors for Mac like Xcode, Zed, Visual Studio Pro, and other similar apps and IDEs. CodeEdit offers a fast experience that feels like it was built for MacOS, with many of …
“AI” coding chatbot funded by Microsoft were Actually Indians
London-based Builder.ai, once valued at $1.5 billion and backed by Microsoft and Qatar’s sovereign wealth fund, has filed for bankruptcy after reports that its “AI-powered” app development platform was actually operated by Indian engineers, said to be around 700 of them, pretending to be artificial intelligence. The startup, which raised over $445 million from investors including Microsoft and the Qatar Investm …
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
When I chose the MIT license for all of my software, I thought:
“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”
And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.
GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)
I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.
(Yes, Anubis might help. Temporarily.)
I’m just tired.
Conformance Checking at MongoDB: Testing That Our Code Matches Our TLA+ Specs | MongoDB Blog
Less TODO, more done: The difference between coding agent and agent mode in GitHub Copilot
We’ll decode these two tools—and show you how to use them both to work more efficiently.
The Copilot delusion
And the “copilot” branding. A real copilot? That’s a peer. That’s a certified operator who can fly the bird if you pass out from bad taco bell. They train. They practice. They review checklists with you. GitHub Copilot is more like some guy who played Arma 3 for 200 hours and thinks he can land a 747. He read the manual once. In Mandarin. Backwards. And now he’s shouting over your shoulder, “Let me code that bit real quick, I saw it in a Slashdot comment!” At that point, you’re not working …
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method
QR codes, already posted about them in the last two posts, but I want to hear your hot takes: Should they only be black and white, are they even worth doing in 2025, incorporating them into things,..?
Also, finally getting full screen view for avatars in XMPP - a better integrated one, after 25 years. Y@ay!

10biForthOS: a full 8086 OS in 46 bytes
An incredibly primitive operating system, with just two instructions: compile (1) and execute (0). It is heavily inspired by Frank Sergeant 3-Instruction Forth and is a strip down exercise following up SectorForth, SectorLisp, SectorC (the C compiler used here) and milliForth. Here is the full OS code in 46 bytes of 8086 assembly opcodes. ↫ 10biForthOS sourcehut page Yes, the entire operating system easily fits right here, inside an OSNews quote block: …
Inside GitHub: How we hardened our SAML implementation
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
plwm: X11 window manager written in Prolog
plwm is a highly customizable X11 dynamic tiling window manager written in Prolog. Main goals of the project are: high code & documentation quality; powerful yet easy customization; covering most common needs of tiling WM users; and to stay small, easy to use and hack on. ↫ plwm GitHub page Tiling window managers are a dime-a-dozen, but the ones using a unique or uncommon programming language do tend to stand out.
@prologic@twtxt.net yeah, that will work perfectly. Because you are using “please”—which we all know is a magic talisman word of obedience—all uploads of your code to Github will be automatically paused, until such magic word is removed. 😂
Please don’t upload my code on Github!
I’m thinking about putting this up on all my projects and even on the front page of my Gitea instance 🤔
From Zero to $1000/Month | Bug Bounty Automation Blueprint
Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties