How to write a complete GNOME application in Lua
This article is intended to be a comprehensive guide to writing your first GNOME app in Lua using LuaGObject. The article assumes that you already understand Lua and want to get started with building beautiful native applications for GNOME. I also assume you know how to use a command line to install and compile software. Having some knowledge of the C programming language, as well as the Make, Gettext, and Flatpak software will be hel … ⌘ Read more

MacOS Tahoe 26.0.1 Update Released to Fix Mac Studio Installation Bug
Apple has issued MacOS Tahoe 26.0.1 as a software update for Tahoe users. The update focuses primarly on resolving an issue for Mac Studio owners who were not able to install the initial MacOS Tahoe 26 release onto the M3 Ultra version of the Studio. Apparently other bug fixes and security improvements are included as … [Read More](https://osxdaily.com/2025/09/29/macos-tahoe-26-0-1-update-releas … ⌘ Read more

Expanding Docker Hardened Images: Secure Helm Charts for Deployments
Development teams are under growing pressure to secure their software supply chains. Teams need trusted images, streamlined deployments, and compliance-ready tooling from partners they can rely on long term. Our customers have made it clear that they’re not just looking for one-off vendors. They’re looking for true security partners across development and deployment. That’s why… ⌘ Read more

@itsericwoodward@itsericwoodward.com No worries, all good, mate! We all have to start somewhere. Other software requests my feed several orders of magnitude more often.

I can confirm, the User-Agent header appears to be fixed. \o/

Two other things I noticed, though:

1. There’s now an OPTIONS request for my feed coming from something that claims to be Firefox, pointing to your feed URL in the query. No clue what this is about. In any case, it’s rejected with a 405 Method Not Allowed.

2. Not that these few requests bother me at all, but you might wanna implement caching next with either the If-Modified-Since or If-None-Match request headers. This way, if the feed hasn’t changed, the web server can reply with a 304 Not Modified and no body at all, saving unnecessary traffic. But again, this is really not an issue for me at all. I just wanted to make sure you’re aware of it, that’s all. It might be even already on your agenda. Or you might decide to never do anything about it, which is also fine for me. :-)

Legacy Update 1.12 released
If you’re still running old versions of Windows from Windows 2000 and up, either for restrocomputing purposes or because you need to keep an old piece of software running, you’ve most likely heard of Legacy Update. This tool allows you to keep Windows Update running on Windows versions no longer supported by the service, and has basically become a must-have for anyone still playing around with older Windows versions. The project released a fairly major update today. Legacy Up … ⌘ Read more

Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second year in a row
Our commitment is to empower every developer and stay true to our north star by building an open, secure, and AI-powered platform that defines the future of software development.

The post [Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second yea … ⌘ Read more

@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:

1. I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.

2. The same is true for duplication and forks. Even today, the “cannonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.

3. If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?

4. I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.

5. Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.

If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)

The Apache Software Foundation Drops the “Apache”
“As a non-Indigenous entity, we acknowledge that it is inappropriate for the Foundation to use Indigenous themes or language.” ⌘ Read more

Open Source & Big Tech Leftists Lost Their Minds This Week
Open Source Leftists Celebrate Murder, Censor Conservatives, and say “Free Software is White Supremacy”. ⌘ Read more

Lunduke’s Week in Tech - Sep 13, 2025
Open Source Leftists Celebrate Murder, Censor Conservatives, and say “Free Software is White Supremacy”. ⌘ Read more

Great. Yet another messed up plain text e-mail part. The URL was actually HTML-escaped. Took me five attempts to figure this out, because of course it had to be several kilometers long. In fact, the e-mail stated: “Please do not be surprised that the link is particularly long. It contains your personal configuration.”

A normal person is completely lost (that’s why I got involved). Visting the broken URL opens a popup dialog suggesting to deactivate script blockers. Which I had already done upfront as a matter of prudence.

Fun bonus on top: The JWT in the link has identical iat (issued at) and exp (expiry) claims. The expiry is definitely not checked, it’s well in the past.

Medical software just has to be horrible. It’s a law.

Nøj jeg håber virkelig at OpenAI, Anthropic, Google eller Microsoft snart prøver at claime ophavsret på halvdelen af verdens software, fordi det er skrevet med en af deres LLM’er.

Altså.. det ville være ret dystopisk, men det ville fandme være sjovt. ⌘ Read more

@lyse@lyse.isobeef.org wouldn’t the PDF version be better? https://www.gnu.org/software/gawk/manual/gawk.pdf

The XMPP Standards Foundation: The XMPP Newsletter August 2025

Image

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again!
This issue covers the month of August 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these proj … ⌘ Read more

Hmm, gnu.org is slow as heck. Shorter HTML pages load in about ten seconds. This complete AWK manual all in one large HTML page took a full minute: https://www.gnu.org/software/gawk/manual/gawk.html Is there maybe some anti AI shenanigans going on?

In any case, I find the user guide super interesting. My AWK skills are basically non-existent, so I finally decided to change that. This document is incredibly well written and makes it really fun to keep reading and learning. I’m very impressed. So far, I made it to section 1.6, happy to continue.

@lyse@lyse.isobeef.org Best logo ever made. 😅 (It’s partially proprietary software. Just for Epson scanners, I think? Not sure.)

@bender@twtxt.net That is a noble goal. We can talk about that – as long as it doesn’t mean giving up essential freedoms like choosing which software you can run on your device (without having to ask someone for permission).

@prologic@twtxt.net Yes, this is another instance of restricting “personal” computing. You won’t be able to install arbitrary software anymore (“sideloading”, as they call it).

It’s not unique, it’s not new. Boiling the frog alive.

We’re heading towards this: https://www.gnu.org/philosophy/right-to-read.html

RIP Android:

https://9to5google.com/2025/08/25/android-apps-developer-verification/

Since nobody is going to push back on this (I don’t even know if that would be possible), this is going to be a reality on every platform sooner or later.

I’d guess in 20, 30 years, there won’t be “PCs” anymore. No more home computing, no more “I just write my own software”. You won’t own devices anymore, it’ll all be rented and the landlord will tell you what you can do with it.

I hope that I’m wrong, but given where we are today, I don’t think that I will be.

The GPG signatures of my software tarballs have been wrong for years (because I’ve been using rsync wrong, funny enough, it wasn’t a GPG issue) and nobody ever noticed. (They still are wrong at the moment, because I haven’t pushed the fix, yet.)

This confirms that this is just a total waste of time. Nobody ever checks this. Maybe this matters if you’re a distro, but why even bother as a single person …

Sam Whited: Notes
I’ve recently been using the Mixxx software for DJs. This page includes some
personal notes on my own use cases, what’s good, what’s bad, etc.
It is not really made for general consumption, but is thrown up here anyways.
It will be a bit rambling and/or ranty at times, most likely.

Let’s get my overall impressions of the software out of the way up front: it’s
absolutely great and I recommend it over the commercial alternatives for DJs of
all stripes (except maybe Radio DJs, it’s not really for … ⌘ Read more

@kat@yarn.girlonthemoon.xyz If you’re willing to ignore that it’s proprietary software, then Windows used to be pretty good. Like, 25 years ago. After Windows 2000 (or maybe XP) it went downhill fast. Kind of makes me sad, actually. 😂

The XMPP Standards Foundation: The XMPP Newsletter July 2025

Image

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again!
This issue covers the month of July 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or helping these project … ⌘ Read more

@kat@yarn.girlonthemoon.xyz On the one hand, all these programs have a very long history and the technology behind manpages is actually very powerful – you can use it to write books:

https://www.troff.org/pubs.html

I have two books from that list, for example “The UNIX programming environment”:

It’s a bit older, of course, but it looks and feels like a normal book, and it uses the same tech as manpages – which I think is really cool. 😎

It’s comparable to LaTeX (just harder/different to use) but much faster than LaTeX. You can also do stuff like render manpages as a PDF (man -Tpdf cp >cp.pdf) or as an HTML file (man -Thtml cp >cp.html). I think I once made slides for a talk this way.

On the other hand, traditional manpages (i.e., ones that are not written in mandoc) do not use semantic markup. They literally say, “this text is bold, that text over here is italics”, and so on.

So when you run man foo, it has no other choice but to show it in black, white, bold, underline – showing it in color would be wrong, because that’s not what the source code of that manpage says.

Colorizing them is a hack, to be honest. You’re not meant to do this. (The devs actually broke this by accident recently. They themselves aren’t really aware that people use colors.)

If mandoc and semantic markup was more commonly used, I think it would be easier to convince the devs to add proper customizable colors.

Twtxt as a network is so neat. Sucks it isn’t more widely adopted ): I feel like it’d be way easier to host than say, mastodon or GTS. & would require WAYYYY less resources. Not a diss on GTS, I love GTS , just saying because it’s text files, I assume the minimum amount of ram needed to host any of the twtxt server software is very low.

I could be super wrong though lol. Idk shit about anything ^^”

@prologic@twtxt.net Too bad, no FLOSS software. :-/ But thanks! :-)

@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.

I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.

jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.

(And this is finally a strong argument for static linking.)

@lyse@lyse.isobeef.org dmenu is a great example.

There have been several attempts at porting dmenu from X11 to Wayland. Well, not exactly “porting” it, more like rewriting it from scratch. Turns out: It’s not that easy.

dmenu is super fast and reliable. None of the Wayland rewrites are (at least none of the popular ones that I know of). They are either bloated and/or slow.

It takes a lot of discipline and restraint to write simple software and not blow up the codebase. This is much harder than people think. It’s a form of art, really.

@lyse@lyse.isobeef.org I do my timetracking in a little Python script, locally. Every now and then, I push the data to our actual service. Problem solved – but it’s a completely unpopular approach, they all want to use the web site. I don’t get it. Then, of course, when it’s down, shit hits the fan. (Luckily, our timetracking software is neither developed nor run by us anymore. It’s a silly cloud service, but the upside is that I’m not responsible anymore. 🤷)

Some of our oldschool devs tried to roll out local timetracking once, about 15 years ago. I don’t remember anymore why they failed …

This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.

Oh to be anonymous on the internet. That must be nice. 😅

@movq@www.uninformativ.de Yeah, it’s a shitshow. MS overconfirms all my prejudices constantly.

Ignoring e-mail after lunch works great, though. :-)

Our timetracking is offline for over a week because of reasons. The responsible bunglers are falling by the skin of their teeth:

1. The error message neither includes the timeframe nor a link to an announcement article.
   
2. The HTML page needs to download JS in order to display the fucking error message.
   
3. Proper HTTP status codes are clearly only for big losers.
   
4. Despite being down, heaps of resources are still fetched.
   

I find it really fascinating how one can screw up on so many levels. This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.

For example, I reckon software should treat stdout and stderr with care and never output logs or other such garbage to stdout that cannot possibly be useful in a UNIX pipeline 😅

@movq@www.uninformativ.de Yeah that’s why I’m striking this conversation with you 😅 Not only do I respect your opinion quite highly 🤣 But like you say (and I’ve read their philipshpy) it can be a bit “elitism” for sure. I’m genuinely interested in what we think of as software that “doesn’t suck”. Tb be honest I haven’t really put thought to paper myself, but I reckon if I did, I’d have some opinions/ideas…

@prologic@twtxt.net Hm, I wouldn’t say that. Go code could fall into that category as well.

Maybe this topic could use a blog post / article, that explains what it’s about. I’m finding it hard to really define what “suckless-like software” is. 🤔 (Their own philosophy focuses too much on elitism, if you ask me.)

@prologic@twtxt.net Ah, I’m referring to software that’s similar to that of suckless.org: Small, minimal codebases, small tools, but still useful. dmenu is probably the best example and also farbfeld.

Here’s the author of Anubis talking about some of their experiences:

https://xeiaso.net/blog/why-i-use-suckless-tools-2020-06-05/

(You can skip the long config and keybinds part.)

@movq@www.uninformativ.de Curious what you would define as “suck less” software? (language agnostic of course!)

The lack of suckless-like simple, hackable software these days is appalling.

Kære Windows bruger,

Næste gang du skal vælge en computer, så send en kærlig tanke til de udviklere der arbejder hårdt for at lave fri software til dig.

Vælg noget andet, så vi ikke længere behøver banke hovedet mod muren for at imødekomme sjælslugende operativsystemer.

På forhånd tak. ⌘ Read more

In all fairness, GOG says that Forsaken is only supported on Ubuntu 16.04 – not current Arch Linux. If you ask me, this just goes to show that Linux is not a good platform for proprietary binary software.

Is it free software, do you have the source code? Then you’re good to go, things can be patched/updated (that can still be a lot of work). But proprietary binary blobs? Very bad idea.

Ted Unangst’s snarky (and entertaining) remarks this month:

• https://flak.tedunangst.com/post/modern-software-2025-edition
  
• https://flak.tedunangst.com/post/killing-X11
  
• https://flak.tedunangst.com/post/forbidden-secrets-of-ancient-X11-scaling-technology-revealed

It annoys me when I clone a git repository A in order to build and self-host some software, only to realize later that I also needed to clone repos B, C and D. I’m not saying that’s a bad thing–logical separation of code between, say, a client and a server is very handy–but some projects do not communicate very well when you need multiple tools to get it running independently.

think i’m gonna use this license on my git repos going forward. it kicks ass https://anticapitalist.software/

Saw this on Mastodon:

https://racingbunny.com/@mookie/114718466149264471

18 rules of Software Engineering

1. You will regret complexity when on-call
   
2. Stop falling in love with your own code
   
3. Everything is a trade-off. There’s no “best” 3. Every line of code you write is a liability 4. Document your decisions and designs
   
4. Everyone hates code they didn’t write
   
5. Don’t use unnecessary dependencies
   
6. Coding standards prevent arguments
   
7. Write meaningful commit messages
   
8. Don’t ever stop learning new things
   
9. Code reviews spread knowledge
   
10. Always build for maintainability
    
11. Ask for help when you’re stuck
    
12. Fix root causes, not symptoms
    
13. Software is never completed
    
14. Estimates are not promises
    
15. Ship early, iterate often
    
16. Keep. It. Simple.
    

Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.

Malleable software: Restoring user agency in a world of locked-down apps
Comments ⌘ Read more

Auto-Pentest-GPT-AI: LLM Powered Pentesting for your software
Comments ⌘ Read more

MacOS 26 is the final Intel version, sucks to be a 2023 Intel Mac Pro owner
macOS Tahoe is the final software update that Intel-based Macs will get, as Apple works to phase them out following its transition to Apple silicon. During its Platforms State of the Union event, Apple said that Intel Macs won’t get macOS 27, coming next year, though there could still be updates that add security fixes. ↫ Juli Clover at MacRumors Not particularly surprising, but def … ⌘ Read more

iFLYTEK Wins CNCF End User Case Study Contest for Scalable AI Infrastructure Breakthroughs with Volcano
Company to present large-scale Kubernetes model training success at KubeCon + CloudNativeCon China 2025 Hong Kong, China — 10 June 2025 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software,… ⌘ Read more

CNCF Kubestronaut Program Momentum Highlights Asia’s Role in Growing Cloud Native Talent
Upcoming Kubestronaut celebrations in China and Japan to honor global program growth Hong Kong, China– 10 June, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced continued… ⌘ Read more

The XMPP Standards Foundation: The XMPP Newsletter May 2025

Image

XMPP Newsletter Banner

Welcome to the XMPP Newsletter, great to have you here again!
This issue covers the month of May 2025.

Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these projects! Int … ⌘ Read more

GitOps in 2025: From Old-School Updates to the Modern Way
1. Introduction: Why Everyone’s Talking About GitOps in 2025 It’s 2025, and building software is more cloud-driven than ever. Cloud computing offers incredible speed and flexibility, but it also brings complexity. Companies are expected to ship… ⌘ Read more

iOS 26 Announced with New Liquid Glass Interface
Apple has announced iOS 26, the next version of system software for iPhone. And yes you read that correctly, it’s iOS 26 – twenty six – jumping way ahead from iOS 18, to follow year numbers. It’s not just iOS that is facing the numerical versioning change, it turns out that Apple is labeling all … Read More ⌘ Read more