This tool looked interesting to me until I noticed that its external dependency count is in the hundreds, each of which increases exposure to vulnerabilities and supply chain attacks.

I hope that Rust will some day have a rich enough standard library that the “trust everything” software development model falls out of favour amongst the developers who use it.

Some of the APIs in use on Linux today come from older Unix variants. (For this reason, I probably wouldn’t call one of these a “Linux API” as the author did, though I guess it works linguistically for those that are usually present on Linux.) These APIs have semantics that were designed before threading existed on many platforms. Making them thread-safe without breaking existing code can be challenging.

If setenv(3) is among these, it could explain why glibc’s implementation doesn’t support multi-threaded programs, and why its documentation states as much. To have used it in a multi-threaded environment, ignoring the docs, was a bug in the Steam client. Perhaps it never occurred to the people who ported Steam’s code to glibc that threading issues might be different from what they were used to on other platforms.

To be fair, the author might be aware of this, as he did refer to glibc’s implementation as a tradeoff rather than a bug.

Maybe one of these?

https://system76.com/desktops/

https://www.dell.com/en-us/search/linux

https://www.tuxedocomputers.com/

Cloudflare is a provider that you can choose to have as a part of your own infrastructure.

Indeed.

man in the middle implies “attack”

That can be a convenient shorthand if the parties in a discussion agree to use it as such in context. For example, in a taxonomy of cryptographic attacks, it would make sense. It is not the general meaning, though, at least not a universally accepted one. Similarly, “counter” does not imply “counter attack”, unless we happen to be discussing attack strategy.

More to the point, nothing that I wrote misrepresents the situation as was claimed by that other person. If I had meant attack, I would have said attack. Rather, they made a leap of logic because I (like most of my colleagues) don’t happen to follow a convention that they like, and picked a fight over it. No thanks.

You’re conflating MitM,

Heh… It’s safe to assume I’m well versed in this topic.

You’re going to have to prove any of your claims, or else I am just going to assume you’re talking out of your ass.

I am not, however, inclined to indulge rudeness. Bye bye.

It bugs me when people say Cloudflare is a MitM, because that is a disingenuous representation the situation.

No, it is a clear description of what is happening: Instead of https keeping the traffic encrypted from user to service, it runs only from user to Cloudflare (and then in some cases from Cloudflare to service, although that’s irrelevant here). The result is that a third party (Cloudflare) is able to read and/or modify the traffic between the two endpoints. This is exactly what we in mean in cryptography discussions by man-in-the-middle.

You can decide that you don’t mind it because it’s not a secret, or because they haven’t been caught abusing it yet, but to say it’s not a man-in-the-middle is utter nonsense.

and you opt into it.

No, the service operator opts in to it, without consulting the user, and usually without informing them. The user has no choice in the matter, and typically no knowledge of it when they send and receive potentially sensitive information. They only way they find out that Cloudflare is involved is if Cloudflare happens to generate an error page, or if they are technically inclined enough to manually resolve the domain name of the service and look up the owner of the net block. The vast majority of users don’t even know how to do this, of course, and so are completely unaware.

All the while, the user’s browser shows “https” and a lock icon, assuring the user that their communication is protected.

And even if they were aware, most users would still have no idea what Cloudflare’s position as a middleman means with respect to their privacy, especially with how many widely used services operate with it.

To be clear, this lack of disclosure is not what makes it a man in the middle. It is an additional problem.

it cannot be a MitM because both sides of the connection are aware of this layer.

This is false. Being aware of a man in the middle and/or willingly accepting it does not mean it ceases to exist. It just means it’s not a man-in-the-middle attack.

I think zero RPM worked before (on cards that supported it) but wasn’t directly configurable in Linux.

It doesn’t necessarily mean putting it in a game’s launch options. Environment variables can be set in a startup script, or a flatpak config, or a command line, for example. But the Steam launch options approach is convenient when you’re just testing something for one specific game.

music group IFPI complained that while Cloudflare discloses the hosting locations of pirate sites in response to abuse reports, it doesn’t voluntarily share the identity of these pirate customers with rightsholders.

“Where IFPI needs to obtain the customer’s contact information, Cloudflare will only disclose these details following a subpoena or court order – i.e. these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rights holders,” IFPI wrote.

So the corporations enjoying enormous profits from other people’s work are unhappy that Cloudflare doesn’t make it easy for them to circumvent due process. What a surprise.

(I’m generally not a fan of Cloudflare, because its man-in-the-middle position between users and services has grown to an unhealthy scale, making it ripe for dragnet surveillance and other abuses. But it would be even worse if it was actively helping these greedy, predatory corporations dodge the law.)

I would definitely try it. If it doesn’t help any game, or if it causes glitches/crashes, an environment variable is easy to revert.

I built a new machine pretty recently, also with an RX 7800XT GPU (factory overclocked). When sitting idle at the desktop, the system draws about the same amount of power as my old machine did with an RX 480. So I think trying to put the big GPU to sleep during desktop use might be barking up the wrong tree.

I suggest getting a power monitor, like a Kill-A-Watt, and taking measurements while you experiment. Here are some ideas to consider:

• Are you using multiple monitors? I have read that newer AMD GPUs sometimes draw more power than they should in this case. It might depend on the resolution and/or windowing system in use. (I don’t remember if the reports I read were on Wayland or Xorg.) It almost certainly is a driver issue.
• Are you using nonstandard timings? Have you tried different refresh rates? https://community.amd.com/t5/graphics-cards/which-monitor-timing-parameter-allows-gpu-vram-frequency-to/td-p/318483
• Have you been playing games for hours every day, with no frame rate limit? The graphics card can draw considerably more power pushing polygons at 1440p@180Hz than it does at 90Hz, for example, and I don’t think the wattage progression from idle to full load is linear.
• Are you using recent kernel and firmware versions?

https://archive.today/biVWD

When I’m driving, it’s actually unsafe for my car to be operated in that way. It’s hard to generalize and say, buttons are always easy and good, and touchscreens are difficult and bad, or vice versa. Buttons tend to offer you a really limited range of possibilities in terms of what you can do. Maybe that simplicity of limiting our field of choices offers more safety in certain situations.

Or maybe being able to consistently and reliably operate the thing without taking your eyes off the road has something to do with it? Hmm… Yes, this is really hard to generalize.

AFAIK, RetroArch is just a front-end for the emulators that actually use the controller, so getting this to work depends on the emulator you’ll be using.

I would expect any decent emulator on Linux to work with the standard Linux joystick and/or evdev APIs, which are supported by the Linux DualShock 4 driver. This driver is built in to the Linux kernel; nothing more should require installation. However:

It’s possible that your distro might not load that driver automatically. To check, connect the DS4, power it up with the Playstation button (if its light isn’t already on), and run lsmod |grep -E 'hid_sony|hid_playstation' in a terminal. If it responds with some lines containing hid_sony or hid_playstation, then the driver is loaded.

It’s possible that your distro might not have labeled the DS4 as a joystick device in udev, which isn’t strictly required, but some software expects to see. On the distros I’ve used, the easiest way to get this done is to install the steam-devices package. I think most desktop distros do it automatically these days, though.

You don’t want DS4Windows. That’s Windows software. There is a program (not a driver) called ds4linux, which creates a virtual Xbox controller alongside the real DS4, similar to what Steam Input does when you use it. You shouldn’t need this for games/emulators that were written properly for Linux, but it’s there for cases when a developer took a shortcut and assumed Microsoft game hardware is standard on our non-Microsoft OS. Alternatively, I think you can use Steam Input when launching non-Steam games in Steam.

There are various joystick test programs for linux, to give you an idea of whether the OS sees the controller. (This can be helpful when a game doesn’t appear to see it, to determine if it’s the game’s problem or a connection/driver problem.) KDE Plasma has one built in to the System Settings. There’s a also generic one called jstest-gtk, available with most desktop distros. There are probably more out there.

Keep in mind that test programs like that don’t necessarily know which inputs map to which buttons/sticks on the controller. Don’t panic if they look mixed up in a test program; try it in a game first. If they’re still mixed up, look for a way to remap the inputs.

Apple offered a Ms. Pac-Man port on these devices for a while, and it was surprisingly good.

A quick search for the mentioned product names found their safety data sheets:

https://www.crcindustries.com/media/msdsen/msds_en-1003333.pdf

https://www.tmkpackers.co.nz/wp-content/uploads/FUELITE-TMK-SDS-ISSUE-6.pdf

This comment from PaulG.x caught my eye:

Electronics technician with 48 years in the industry here.

The common cause of the buttons losing sensitivity is that the silicone absorbs skin oils and these oils act as insulation on the pads and tracks.

If you look at the tracks under the pads that are least sensitive , you will see the oily residue. You can clean the tracks and pads with alcohol for a short term fix but the pads will exude more of the oil that is within the silicone.

A longer term fix is to soak the whole key pad sheet in Fuelite (Petroleum Spirit) Fuelite is the main ingredient in CRC Contact Cleaner (in fact it is the only ingredient). Use liquid Fuelite to do this , not Contact Cleaner because you have to immerse the silicone sheet.

Soak the sheet for 5 minutes , it will swell a little , let it dry thoroughly and it will return to normal dimension.

While the silicone has still some absorbed Fuelite in it , it will be easily torn so treat it carefully.

Then reassemble the device.

This fix should last several months depending on the state of the silicone sheet

It’s important to post these things every so often. There will never be a day when everyone already knows. :)

https://xkcd.com/1053/

Beware online “filter bubbles” (2011) - Eli Pariser

https://www.ted.com/talks/eli_pariser_beware_online_filter_bubbles

You can’t know with certainty on Signal that the client and the server are actually keeping your messages encrypted at rest, you have to trust them.

This is untrue. By design, messages are never decrypted on servers when end-to-end encryption is in use. They would have to break the encryption first, because they don’t have the keys.