Australians are getting a minimum wage increase? Can they share?
Oh good!
Bloom County! I loved reading the anthologies. Did they ever find Cutter John? Or is he a fallen hero in the fight against apartheid?
Seeds have been planted. Even if a lot of them don't grow, some will
It looks like the setting is max_parallel_downloads in /etc/dnf/dnf.conf. Here's a post on how to increase it - so do the opposite, and set it to 1.
There's a relevant episode if you don't mind DS9 spoilers:
I don't think the Pegasus plan involves all levels of Federation leadership. I think it's a conspiracy that, although it does include at least one of the highest-ranking Starfleet officers, doesn't go all the way to the top. From the transcript:
PRESSMAN: It's not just me, Will. The Chief of Starfleet Security has personally given me her assurance of complete support.
RIKER: Admiral Raner? How many other people know about this?
PRESSMAN: Not many, and it's up to us to make sure it stays that way. Raner has given me written orders for you.
Pressman says that a small number of people are involved. He doesn't mention the Federation president or any Federation officials outside of Starfleet (remember that Starfleet is the military-ish arm of the Federation, it's not the whole organization.) He only mentions one Starfleet officer.
Pressman emphasizes that it's important to keep the secret from getting out. Of course that's partly because he doesn't want the Romulans finding out. But I think it's mainly that the conspirators don't want to be held to account for unauthorized actions.
Later in the episode Pressman tells Picard, "the Chief of Starfleet Intelligence herself is watching this one". I think it's possible that Chief of Security and Chief of Intelligence are titles used interchangeably for the same office. Or it could be a second officer involved in the conspiracy.
There's also this conversation:
PICARD: You know, it wasn't easy to get this record. I had to pull in quite a few favours at Starfleet just to get a look at it. It seems that it was classified by Starfleet Intelligence.
[...]
PICARD: The Judge Advocate also believes that the surviving officers are deliberately withholding vital information from this inquiry. Further investigation is recommended. Will, there was no further investigation. This report was classified and then it was quietly buried. Why?
RIKER: Sir, may I suggest you take this up with Admiral
PICARD: I'm taking this up with you, Will! The Judge Advocate thought you were participating in a conspiracy to cover up the truth. Now, what the hell is going on here, Will?
The judge advocate on the case is not in on the secret. That doesn't mean it doesn't go higher, but the conversation does imply that whoever was involved had limited authority to, say, prevent that inquiry in the first place, or to instruct the judge advocate to avoid sensitive topics.
Someone did have the authority to classify and bury the report. Maybe that's something the Chief of Intelligence could do unilaterally.
Note that Picard is confident that with the secret exposed the project will be shut down. If it had been authorized at all levels you might expect it to continue, but out in the open.
Now Section 31, that does seem to be institutionalized so that's a different story.
Oh... oh dear!
Linux on ARM is getting better all the time!
I sometimes tell my kids about things I was taught, and survival habits I picked up in the "dad qualification program". I based the idea of the program on a brief description of air force officer survival training in the book The Hatchet, and a generous dose of imagination. The kids have never questioned it.
Good point! We should only use date formats that are allowed by both standards! https://ijmacd.github.io/rfc3339-iso8601/
Don't say "acronym" when you mean "abbreviation"!
"Acronym" specifically refers to an initialism that forms a new word. For example,
It's acro- (height) -nym (word) - a word that exists on top of / above other words.
In contrast "NIH" is not an acronym because it isn't pronounced or read as a word. It's appropriate to say, "'NIH' is an abbreviation" or "'NIH' is an initialism". But saying "'NIH' is an acronym" is wrong!
The images probably don't have to look meaningful as long as it is difficult to distinguish them from real images using a fast, statistical test. Nepenthes uses Markov chains to generate nonsense text that statistically resembles real content, which is a lot cheaper than LLM generation. Maybe Markov chains would also work to generate images? A chain could generate each pixel by based on the previous pixel, or based on neighbors, or some such thing.
1 cm is about the width of the tip of your pinky finger.
1 m is about the distance from your nose to your fingertips if you hold your arm out, and extend your fingers.
100 m is the length of the straight section of an athletic track, which is about the same length as a football field.
1 mL is about the volume of the tip of your pinky finger.
1 L is about 1 quart, which is half a carton of milk (unless you get milk in the smaller 1 quart size).
The mile-to-km conversion is pretty close to 1½.
The kg-to-pound conversion is two-and-a-bit.
A difference of 1°C is close to a difference of 2°F.
Edit: My milk comparison was wrong - I've corrected it.
Edit: Of course by "m" I meant "mile"
Neat! I'd heard of mutualistic mycorrhizal relationships, but not mycoheterotrophy
Open the sidebar by clicking the three-lines icon at the top right. The translate option is at the bottom of the sidebar.
Patch interpreter path in embedded binary?
I'm trying to write a Nix package for a closed-source, precompiled binary with an unusual twist. The binary is statically-linked, but it contains an embedded binary that is dynamically-linked. Is there some way I can use patchelf or another tool to path the interpreter path in the embedded binary?
The embedded binary does not have any runtime library dependencies, but it does need an interpreter which it expects at the hard-coded path /lib64/ld-linux-x86-64.so.2. It is embedded using the golang "embed" library.
I have a workaround that wraps the binary using buildFHSEnv. That works, but the resulting closure is about 300 MB bigger than it needs to be.
work around a misbehaving binary cache
The situation: you're trying to build something, but one of your configured substituters (a.k.a binary caches) is either offline, or having a moment of being very slow. Nix doesn't automatically time out, and skip that cache. No, you just can't build. You want to disable the problem cache so you can get on with your life. But since you use NixOS you need to run nixos-rebuild to update your substituter settings. A rebuild means hitting the problem cache...
When I've run into this problem I've thought, "I really need a way to selectively disable a cache in the nix build command." Previously I've had a hard time searching for such an option. Today I found it! Here it is:
sh
$ nix build --option substituters "https://cache.nixos.org/ https://nix-community.cachix.org/"
or
sh
$ nixos-rebuild build --option substituters "https://cache.nixos.org/ https://nix-community.cachix.org/"
The flag --option overrides settings that are normally read from /etc/nix/nix.conf. The ide
Native Wayland gaming with Wine on NixOS
I'm a fan of gaming - my main game is Overwatch. Until this week I've been using xwayland or gamescope to run Wine games which comes with downsides. Xwayland's window management can be buggy - in Gnome I can end up unable to switch back to a game window. Gamescope has some latency and visual artifact issues in my preferred window manager.
But now with the Wine 10 release candidates you can run Wine in native Wayland mode without any special registry settings or anything. And it works very well as far as I can tell! I went through the trouble of figuring out how to get Wine 10 set up on NixOS so I thought I would share.
Wine 10 is currently available in nixos-unstable. The simplest way I've found to get it working for games is to use Lutris, and to install both Lutris and Wine from unstable. To get a complete Wine setup for Lutris use wineWowPackages - for example wineWowPackages.stagingFull. The Full variant includes wine-mono which you'll probably want, and the staging pac
Comprehending Proc Macros
Logan Smith's Rust videos are excellent - I'm happy to see a new one is up!
Better killall with systemd scopes
Some app launchers these days run each app in a new systemd scope, which puts the app process and any child processes into their own cgroup. For example I use rofi which does this, and I noticed that fuzzel does also. That is handy for tracking and cleaning up child processes!
You can see how processes are organized by running,
bash
$ systemctl --user status
I think that's a quite useful way to see processes organized. Looking at it I noticed a couple of scopes that shouldn't still be running.
Just for fun I wanted to use this to try to script a better killall. For example if I run $ killscope slack I want the script to:
app-niri-rofi-2594858.scope) systemctl --user stop app-niri-rofi-2594858.scope Step 2 turned out to be harder than I liked. Does anyone know of an easy way to do this? Ideally I'd
Remon is a responsible library developer. She cares about stability, flexibility and correctness, using whichever tools are presently accessible to achieve those goals. Her authored libraries feature automated testing and extensive documentation; she allots design decisions rationale; she knows her ...
A short post on how variable names can leak out of macros if there is a name collision with a constant. I thought this was a delightful read!
Anyone using difftastic with fugitive.vim?
Difftastic is a diff tool that uses treesitter parsing to compare code AST nodes instead of comparing lines. After following the instructions for use with git I'm seeing some very nice diffs when I run git diff or run git show --ext-diff. I thought it would be nice to get the same output for hunk diffs in the fugitive status window, and in fugitive buffers in general (which use the git filetype). But I haven't seen any easy way to do it. Has anyone got a setup like this?
I can run a command in neovim like :Git show --ext-diff to get difftastic output in a buffer. I'm thinking maybe I can set up fugitive to use the --ext-diff flag by default, or set up some aliases. But there is no syntax highlighting for the difftastic outputs since the ANSI color codes that difftastic uses in interactive terminal output don't work in neovim, and the syntax highlighting for the git filetype assumes standa
Blank red videos in game running in Wine?
I installed StarCraft: Mass Recall which is an impressive project that recreates the original StarCraft and Brood War campaigns in StarCraft 2. Everything works except that the cinematics and some of the game assets are flat, blank red. For example some of the video portraits in the briefing rooms display correctly, but Mengsk is a solid red square. In the first mission Raynor's vulture is flat red while everything else looks correct. Sound works correctly including in cinematics.
The game assets aren't a huge deal, but the cinematics are a big part of the reason for playing these campaigns IMO.
I've tried everything I can think of. I tried some different Wine runners. I tried disabling DXVK. I installed a number of dependencies that look like they provide video codecs:
Does anyone have ideas about what else I might try?
What I did figure out is a working command to run the
Using passkeys on Linux & Android
Passkeys seem like a great idea, and we are at a point where, although things are still very much in flux, software passkeys managed by password managers are starting to be usable. I thought I'd share the workflow that's working for me on Linux with some sites, and ask the community for more tips & tricks.
A passkey is a client certificate - which is an old idea, but now there are some new standards in place*. When you log into a website, instead of sending a password you send a message signed using the private key on your hardware security device, or stored in your password manager. If you use a password manager the flow is about the same as with passwords: your password manager pops up and asks if you want to log in to the given website. But instead of sending a password to the browser, message signing takes place in the password manager. Unlike passwords those signed messages can't be replayed. Arguably you can skip sending MFA codes and get about the same (or maybe better) securit
gnome-keyring as ssh agent in lightweight window manager
cross-posted from: https://leminal.space/post/4750886
It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:
nixservices.gnome-keyring = { enable = true; components = [ "pkcs11" "secrets" "ssh" ]; }; home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's
services.gnome-keyringadds a systemd user unit that does that.
gnome-keyring as ssh agent in lightweight window manager
It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:
nix
services.gnome-keyring = {
enable = true;
components = [ "pkcs11" "secrets" "ssh" ];
};
home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";
I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring adds a systemd user unit that does that.
I have a project, git-format-staged , that I build with Nix. It includes NPM dependencies, and it is convenient to have Dependabot keep…
Treesitter query to match adjacent Rust nodes?
I'd like a treesitter query that matches a Rust struct together with all of its attributes. For example,
rust
#[derive(Debug)]
#[serde(rename_all = "camel_case")]
pub struct MyType {
pub foo: i32,
}
The lines beginning with # are attributes that are logically connected to the struct declaration. But the treesitter grammar for Rust parses attributes as adjacent nodes, not as children of the struct declaration:
scm
(attribute_item ; [27, 0] - [27, 16]
(attribute ; [27, 2] - [27, 15]
(identifier) ; [27, 2] - [27, 8]
arguments: (token_tree ; [27, 8] - [27, 15]
(identifier)))) ; [27, 9] - [27, 14]
(attribute_item ; [28, 0] - [28, 35]
(attribute ; [28, 2] - [28, 34]
(identifier) ; [28, 2] - [28, 7]
arguments: (token_tree ; [28, 7] - [28, 34]
(identifier) ; [28, 8] - [28, 18]
(string_literal)))) ; [28, 21] - [28, 33]
(struct_item ; [29, 0] - [31, 1]
(visibility_modifier) ; [29, 0] - [29, 3]
name: (type_id