Tech is no longer interesting. I need to find a new field.
I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.
jenny was never meant to be sandboxed, so it can’t make *great* use of it. Future software might be different.
(And this is finally a strong argument for static linking.)
>This extension was turned off because it is no longer supported
Thanks Google.
This browser was uninstalled because it absolutely sucks!
So only the first line should be a quote.
```
$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom
```
The first argument `--landlock-access fs` says that nothing is allowed.
`--landlock-rule path-beneath:execute,read-file:/bin/ls-static` says that reading and executing that file is allowed. It’s a statically linked `ls` program (not GNU ls).
`--landlock-rule path-beneath:read-dir:/tmp` says that reading the `/tmp` directory and everything below it is allowed.
The output of the `ls-static` program is this line:
```
─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
```
It was able to read the directory, see the file, do `stat()` on it and everything, the little `x` indicates that getting xattrs also worked.
`3000` and `200` are user name and group name – they are shown as numeric, because the program does not have access to `/etc/passwd` and `/etc/group`.
Adding `--landlock-rule path-beneath:read-file:/etc/passwd`, for example, allows resolving users and yields this:
```
─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
```
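A program can also apply this kind of restriction to itself instead of being wrapped by `setpriv`. The following is an added example, not code from the post, jenny or util-linux: it uses the Landlock system calls directly to allow only reading beneath one directory, and `sandbox_read_only`, `probe` and the return-code convention are names and choices made up for it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Every ABI v1 filesystem right; "handled" rights are denied unless granted. */
#define FS_V1_ALL ((LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1)

/* Limit the calling process to reading files and directories beneath `dir`.
 * Returns 0 on success, 1 if Landlock is unavailable, -1 on any other error. */
int sandbox_read_only(const char *dir)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = FS_V1_ALL };
    int rs = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (rs < 0)
        return 1; /* old kernel, disabled at boot, or filtered by seccomp */
    struct landlock_path_beneath_attr rule = {
        .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
        .parent_fd = open(dir, O_PATH | O_CLOEXEC),
    };
    int rc = -1;
    if (rule.parent_fd >= 0 &&
        syscall(__NR_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) == 0 &&
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 && /* needed when unprivileged */
        syscall(__NR_landlock_restrict_self, rs, 0) == 0)
        rc = 0;
    if (rule.parent_fd >= 0)
        close(rule.parent_fd);
    close(rs);
    return rc;
}

/* Sandbox a child and check what it can still open. Returns 0 if `allowed_dir`
 * opens and `denied` fails with EACCES, 1 if Landlock is unavailable, else -1. */
int probe(const char *allowed_dir, const char *denied)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) { /* child: the restriction cannot be undone, so test it here */
        int rc = sandbox_read_only(allowed_dir);
        int ok = rc == 0 && open(allowed_dir, O_RDONLY) >= 0;
        int blocked = ok && open(denied, O_RDONLY) < 0 && errno == EACCES;
        _exit(rc == 1 ? 1 : (blocked ? 0 : 2));
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return 1; /* a seccomp filter killed the child on the new syscalls */
    return WIFEXITED(status) && WEXITSTATUS(status) < 2 ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    return probe("/tmp", "/etc/passwd"); /* exit status 0: rules were enforced */
}
```

Rights introduced after ABI v1, such as `LANDLOCK_ACCESS_FS_TRUNCATE`, are not handled by this ruleset and therefore stay unrestricted.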
`setpriv` on Linux supports Landlock.
If this twt goes through, then restricting the filesystem so that jenny can only write to `~/Mail/twt`, `~/www/twtxt.txt`, `~/.jenny-cache`, and `/tmp` works.
https://git.suckless.org/st/file/x.c.html#l1984
The exact timings are configurable.
This is the PR that changed the timing in VTE recently (2023):
https://gitlab.gnome.org/GNOME/vte/-/issues/2678
There is a long discussion. It’s not a trivial problem, especially not in the context of GTK and multiple competing terminal widgets. st dodges all these issues (for various reasons).
My shell prompt and cursor look like this:
$ █
When I keep Enter pressed, I expect to see several lines like so:
$
$
$
$
$
$
$ █
With the affected terminal emulators, the lines actually show up in the following sequence. First, we have the original line:
$ █
Pressing Enter yields this as the next frame:
$
█
And then eventually this:
$
$ █
In other words, you can see the cursor jumping around very quickly, all the time.
Another example: Vim actually shows which key you just pressed in the bottom right corner. Keeping `j` pressed to scroll through a file means I get to see a `j` flashing rapidly now.
(I have no idea yet, why *exactly* XTerm in X11 is fine but flickering in Wayland.)
`name` and `class`.
Wayland (or rather, the XDG shell protocol – core Wayland knows nothing about this) only has a single field called `app_id`.
When you run X11 programs under Wayland, you use XWayland, which is baked into most compositors. Then you have to deal with all three fields.
Some compositors map `name` to `app_id`, others map `class` to `app_id`, and even others directly expose the original `name` and `class`.
Apparently, there is no consensus.
`SDL_VIDEODRIVER=wayland` globally, because that breaks Wine again …
`SDL_VIDEODRIVER=wayland`.
There have been several attempts at porting dmenu from X11 to Wayland. Well, not exactly “porting” it, more like rewriting it from scratch. Turns out: It’s not that easy.
dmenu is super fast and reliable. None of the Wayland rewrites are (at least none of the popular ones that I know of). They are either bloated and/or slow.
It takes *a lot* of discipline and restraint to write simple software and not blow up the codebase. This is much harder than people think. It’s a form of art, really.
Some of our oldschool devs tried to roll out local timetracking once, about 15 years ago. I don’t remember anymore why they failed …
> This is developed inhouse, I'm just so glad that we're not a software engineering company. Oh wait. How embarrassing.
Oh to be anonymous on the internet. That must be nice. 😅
Let’s take the farbfeld image format as an example again. I think this captures the “spirit” quite well, because this isn’t even about *code*.
This is the entire farbfeld spec:
farbfeld is a lossless image format which is easy to parse, pipe and compress. It has the following format:
```
╔════════╤═════════════════════════════════════════════════════════╗
║ Bytes  │ Description                                             ║
╠════════╪═════════════════════════════════════════════════════════╣
║ 8      │ "farbfeld" magic value                                  ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (width)                      ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (height)                     ║
╟────────┼─────────────────────────────────────────────────────────╢
║ [2222] │ 4x16-Bit BE unsigned integers [RGBA] / pixel, row-major ║
╚════════╧═════════════════════════════════════════════════════════╝
```
The RGB-data should be sRGB for best interoperability and not alpha-premultiplied.
(Now, I don’t know if your screen reader can work with this. Let me know if it doesn’t.)
I think these are some of the properties worth mentioning:
- The spec is extremely short. You can read this in under a minute and fully understand it. That alone is gold.
- There are no “knobs”: It’s just a single version, it’s not like there’s also an 8-bit color depth version and one for 16-bit and one for extra large images and one that supports layers and so on. This makes it much easier to implement a fully compliant program.
- Despite being so simple, it’s *useful*. I’ve used it in various programs, like my window manager, my status bars, some toy programs like “tuxeyes” (an Xeyes variant), or Advent of Code.
- The format does not include compression because it doesn’t need to. Just use something like bzip2 to get file sizes similar to PNG.
- It doesn’t cover every use case under the sun, but it does cover the most important ones (imho). They have discussed using something other than RGBA and decided it’s not worth the trouble.
- They refrained from adding extra baggage like metadata. It would have needlessly complicated things.
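The width and height fields come straight from the file, so a reader has to check them against the data that is actually present. The following reader for the spec above is an added example, not code from the post or from the farbfeld project; `ff_parse`, `ff_pixel` and the error codes are hypothetical names, and rejecting trailing bytes is a choice of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FF_HEADER_LEN 16u /* 8 magic + 4 width + 4 height */
#define FF_PIXEL_LEN 8u   /* RGBA, 16 bit per channel */

struct ff_image {
    uint32_t width, height;
    const uint8_t *pixels; /* borrowed: points into the caller's buffer */
};

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse a complete farbfeld file in memory. Returns 0, or -1 (bad magic),
 * -2 (truncated), -3 (trailing bytes; rejecting them is this example's policy). */
int ff_parse(const uint8_t *buf, size_t len, struct ff_image *out)
{
    if (len < FF_HEADER_LEN || memcmp(buf, "farbfeld", 8) != 0)
        return -1;
    uint32_t w = be32(buf + 8), h = be32(buf + 12);
    /* w * h fits in 64 bits but w * h * 8 may not: compare pixel counts. */
    uint64_t npix = (uint64_t)w * h;
    if (npix > (len - FF_HEADER_LEN) / FF_PIXEL_LEN)
        return -2;
    if (npix * FF_PIXEL_LEN != len - FF_HEADER_LEN)
        return -3;
    *out = (struct ff_image){ w, h, buf + FF_HEADER_LEN };
    return 0;
}

/* Copy one pixel as host-order RGBA; returns -1 if (x, y) is out of range. */
int ff_pixel(const struct ff_image *img, uint32_t x, uint32_t y, uint16_t rgba[4])
{
    if (x >= img->width || y >= img->height)
        return -1;
    const uint8_t *p = img->pixels + ((size_t)y * img->width + x) * FF_PIXEL_LEN;
    for (int c = 0; c < 4; c++)
        rgba[c] = (uint16_t)(p[2 * c] << 8 | p[2 * c + 1]);
    return 0;
}

/* Constructed sample: 2x1 image, opaque red followed by opaque dark green. */
const uint8_t FF_SAMPLE[32] = {
    'f', 'a', 'r', 'b', 'f', 'e', 'l', 'd', 0, 0, 0, 2, 0, 0, 0, 1,
    0xff, 0xff, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 0x12, 0x34, 0, 0, 0xff, 0xff,
};

int main(void)
{
    struct ff_image img;
    uint16_t px[4];
    if (ff_parse(FF_SAMPLE, sizeof FF_SAMPLE, &img) == 0 && ff_pixel(&img, 1, 0, px) == 0)
        printf("%ux%u, G of pixel (1,0) = 0x%04x\n", img.width, img.height, px[1]);
    return 0;
}
```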
Maybe this topic could use a blog post / article, that explains what it’s about. I’m finding it hard to really define what “suckless-like software” is. 🤔 (Their own philosophy focuses too much on elitism, if you ask me.)
Here’s the author of Anubis talking about some of their experiences:
https://xeiaso.net/blog/why-i-use-suckless-tools-2020-06-05/
(You can skip the long config and keybinds part.)
$ head -n 1 /var/log/pacman.log
[2011-07-07 11:19] installed filesystem (2011.04-1)
Is it free software, do you have the source code? Then you’re good to go, things can be patched/updated (that can still be a lot of work). But proprietary binary blobs? Very bad idea.
And both these Linux versions crap their pants. 🫤 The bundled SDL2 of Forsaken says it “can’t find a matching GLX visual” and I couldn’t figure out how to fix that. I didn’t spend a lot of time on Grim Fandango.
Both work great in Wine. 🤦
(I do have the original version of Grim Fandango from the 1990s, but that one does not work so well in Wine. I figured, if it’s so cheap, why not. *And* I now get to play the *English* version. 😃 The German dub is pretty damn good, actually, but I always prefer the original these days.)
https://blog.rust-lang.org/2025/07/03/stabilizing-naked-functions/
This (and inline assembly) makes Rust really interesting for very low-level stuff. 🥳
I just love these games – and the game mechanics. It’s just the right balance between challenging and relaxing.
https://movq.de/v/c55a2a137d/the%2Dend.jpg
Dude, you want me to print something, sign it, and scan it back in. This takes forever and I’ll have to re-login a dozen times. Narf.
`sudo` is a sandwich. 🫠 https://www.sudo.ws/
- https://flak.tedunangst.com/post/modern-software-2025-edition
- https://flak.tedunangst.com/post/killing-X11
- https://flak.tedunangst.com/post/forbidden-secrets-of-ancient-X11-scaling-technology-revealed
> These are lists in your Inkscape example, right?
The font stuff? Yeah, that’s a scrollable list where you can select the current font.
https://social.treehouse.systems/@ariadne/114763322251054485
I’ve been silently wondering all the time if this was possible, but never investigated: Keep doing X11 but use Wayland as a backend.
This uses XWayland’s “rootful” mode, which basically just gives you a normal Wayland window with all the X11 stuff happening inside of it:
https://www.phoronix.com/news/XWayland-Rootful-Useful
In other words, put such a window in fullscreen and you (more or less) have good old X11 running in a Wayland window.
(For me, personally, this won’t be the way forward. But it’s a very interesting project.)
Take this for example:
https://movq.de/v/8822afccf0/a.png
I’m talking about this area specifically:
https://movq.de/v/8822afccf0/a%2Dhigh.png
One UI element ends and the other one begins – no “transition” between them.
The style of old UIs like these two is deeply ingrained into my brain:
https://movq.de/v/8822afccf0/b.png
https://movq.de/v/8822afccf0/c.png
When all these little elements (borders, handles, even just simple lines, …) are no longer present, then the program looks buggy and broken to me. And I’m not sure if I’ll ever be able to un-learn that.