
Does it mean that at the moment of releasing 2.0.4 the Trezor team already knew there was a fake firmware circulating?

I wonder if the Trezor team communicated that in some other way than that line in the CHANGELOG. Not blaming them of course, just wondering.



None of the methods proposed by Trezor would frustrate the attack mentioned in the article:

Validate the holograms: Most users aren't forensic experts and don't have an authentic physical sample to compare their evaluation target to, only photos of one.

Only buy from authorized resellers such as the official Amazon shop: Fake products have been introduced into Amazon's supply chain before [1].

The bootloader validates the firmware and displays a warning otherwise: Sure, but so does the fraudsters' bootloader.

[1] https://www.redpoints.com/blog/amazon-commingled-inventory-m...


From that article, it sounds like this wouldn't be commingled inventory, as it's both private label and an opt-in process.

That said, the obvious way to avoid Amazon commingling conclusively is to buy it directly from the Trezor shop.


If I were Trezor and became aware of a fake firmware, I would:

* Offer rewards to anyone able to send me the fake devices or clues as to who is making them.

* Tell my clients to upgrade the firmware on devices before use. Make sure every new firmware is distinctive in some way - for example the boot screen, and tell the users to check for that to ensure they are actually running the firmware they thought they just flashed.


A more sophisticated version of the malicious firmware could try to patch the new OTA firmware image on the fly. Once compromised, always compromised.


It's hard to reliably binary patch something unknown ahead of time.

All Trezor would need to do is change the compilation options on a fairly regular basis, and any patching will fail.

Combined with the fact that there is a reward for sending in devices, this means they can analyze any evil devices and make sure their instructions to users will reliably detect all evil devices they're aware of.

Still doesn't stop supply chain attacks, but makes them far harder.


Seems like this could also be an insider threat where someone at Trezor knew all the BOM details and could pull this off.


Trezor is mostly open hardware and open source firmware to begin with.


It sounds like Wayland devs are bad guys. Is there a story behind it?


Wayland is a more versatile protocol. OP is misrepresenting a little bit, the base protocol v1 is finalized but desktop use will need and already does use many standard extensions.

Nothing about being assholes, just a bureaucratic design.


My understanding is that Wayland is more versatile in the sense of how a LEGO set is more versatile than a molded toy. Yes you can do a lot with LEGO, but a LEGO brick is just a LEGO brick at the end of the day. Similarly, Wayland lets almost all the "interesting" bits be up to the extension protocols[1].

[1]: https://wayland.app/protocols/


Just like X11 uses Xexts and/or toolkit libraries for about anything.


Wayland devs are the X devs, so there is that.

Also, Wayland builds only on the pure kernel abstractions for video drivers (DRM+KMS), which is (was) not supported by Nvidia (which instead patched your xorg binary with their proprietary code). No sane person wanted to support Nvidia’s way for a completely different render path, so it wasn’t initially supported, until Nvidia came to their senses and also implemented the necessary Linux subsystems in some of their drivers. So pretty much the same old “Linus middle finger” story, nothing specific to Wayland.


Nobody is a "bad guy," even if we may disagree emphatically with their design decisions. Ultimately, however, we may feel we aren't entitled to those providing free labor to do so in such a fashion that their work product meets our specific needs or aligns with our expectations.

That said, having a bare-bones protocol that fails to include standard features, forcing each implementation to meet users' needs differently, is somewhat disappointing. Anything that reduces functionality for the sake of ease of maintainability is going to be unpopular with end users who have everything to lose and nothing much to gain directly.


The core is bare-bones, there are numerous standard protocols since, and many others are in standardization. Here is a site to review their state: https://wayland.app/protocols/


Don't you think it more reasonable that features that will definitely be implemented by every desktop environment ought to be core rather than not fully standardizing on it 14 years later?

https://gitlab.freedesktop.org/wayland/wayland/-/issues/32

Attentive designers would have standardized this in the incredibly obvious way of allowing the user to whitelist specific apps, logically at install time, and screenshot apps would then implement a singular standard that works in version 0.1. Instead we force users to confront and understand the difference between X11, XWayland and Wayland in order to figure out why their screenshot app doesn't work or doesn't work well.

This doesn't enhance the case for "regular" people to use Linux.


You can’t push through a new protocol that’s already huge. Wayland was deliberately made extensible, programs can properly query about its capabilities, it is actually quite great design.

It’s just the negatives of the bazaar style development, it’s not like we ever had a unified approach to desktops (remember a few years ago how tray icons and whatnot were all different between KDE and Gnome?). There is no entity like Apple that can just work on the details in the background and release it overnight and say that from now on this is the supported API. An open source one has to live in the open from day 1. Mind you, the standardization will speed up considerably, the first year of that 14 is very different in pace from the last ones.

Also, screenshots are not a trivial task to get right. Sure, "here is its buffer" is easy. But then will you also implement a screen sharing API separately? Will it just repeatedly take screenshots for like 20 FPS? That was the reason for it taking a longer time, but it works very well now.


> remember a few years ago how tray icons and whatnot were all different between KDE and Gnome?

Yes, and then tray icons worked across desktop environments for a few years until Gnome decided that this standard should be thrown out and replaced it with nothing.

I think what annoys many people with Gnome and Wayland is that they control the overall trend in Linux desktops and yet couldn't care less about the most advanced and experienced Linux users. But what other Linux desktops are there?


It seems like one of those politics things. Focus on PR to get the randoms behind it and get people to switch, doesn't matter the quality, how you talk about it is what matters.


Do we have a name for this yet? We had "Embrace, Extend, Extinguish" for MS' playbook, but Red Hat's run theirs enough times that it seems like we ought to have a name for it (and it's definitely different from Microsoft's EEE).


The Wayland devs ARE the Xorg devs. They all decided that Xorg wasn't worth maintaining because it has too much legacy baggage[0]. The rest is just a bunch of entitled whining users that don't like change.

0: https://en.wikipedia.org/wiki/Wayland_(protocol)


Correct, I don't like changes that break my workflows or (at times) my entire system.

I don't believe I, and the many users who share my preference, deserve insults for that.


Feel free to use xorg for the upcoming 10 years at least.


It's entirely normal for users not to like change, even less so when the benefits are nebulous even if justifiable and accrue to the developers while the users bear costs in terms of decreased stability, increased complexity, and fewer features.


Wayland+XWayland, as they mentioned in the post. I hope it's gonna work. Last time I used Wayland (a few years ago) there were issues with many applications I used to use.


I’ve used Wayland exclusively for at least 3 years without a problem.


I don't think the fact that Vim and Emacs were created a long time ago makes them inferior.

They keep developing and they are up to date with many/all programming features. There are a bunch of extensions that VS Code just doesn't have despite its huge extension store.

Also the main thing for me about these editors and especially Emacs is that you can program it. Not just configure it but actually program and do anything with it. You can hook into any piece of the code and change it. You can read the source code of any "extension" and patch it on the fly. I don't think I'm aware of any other editors that allow that.

It's huge power.


To be clear, I'm not saying the problem is they were created long ago.

I'm saying (from my pov, which may be wrong) that they don't seem to have as good of an IDE experience. Certainly the out-of-the-box experience with emacs/vim is much worse. And the learning investment is pretty steep. But even if you configure everything as an expert would, the experience still seems lacking to me.


I love such readings, they often inspire me to start (at this moment "to keep") my "digital organizers" in shape, but I've always been wondering for how long people can keep such dedication to the process and how the process becomes useful later.

I started with GTD a long time ago, I don't even remember what digital tool I used at that time. Then I switched to Todoist, then Wunderlist, then some cli tools like Taskwarrior, then org-mode, then Evernote + various todo apps then Obsidian + org-mode (org-roam is awesome but I need GOOD mobile support) so my GTD is not even a GTD now in it the original sense.

And I still don't see any serious benefits from the process. Sure, tasks are there and I'm aware of them, I look at them and do them. But that's it. For some reason, I expected super productivity from myself while doing all this. I still don't see myself as productive. Especially compared to the author and many other authors of similar posts. I'm pretty sure I could track all those tasks in one Evernote note or Obsidian file or one Org file or even on one piece of paper (no mobile support though) and stay on the same level of productivity I am at right now.

My question(s): Is there anyone who makes notes or tracks tasks for more than a year? How often do you change your workflow? Do you find it all useful, and how does the tracking help you now? Was there any time you thanked yourself for doing all this over a long period of time?

P.S. I'm of course not talking about "project" tasks in Jira or issues on GitHub. I'm talking about tracking/noting your life (todos) and thoughts (notes).


The author himself seems to have given up on following the described GTD process strictly.[1]

I have wondered this about productivity systems and hacks, too. With GTD, the key seems to be to get yourself over the edge of your resistance to get your tasks done. If you fundamentally resist the tasks you think you ought to be doing, GTD will probably not work long-term. For example because you hate some aspect of your job or you’re afraid about the outcomes of your tasks. If you just need a way to organize all the little actionable items because otherwise you lose track of them, GTD might work.

I also wonder if people that we normally see as productive (Nobel prize winners, etc.) need to force themselves to stick to a special GTD system, too, or if for them the resistance is weaker and their tasks end up getting done one way or another.

In any case, Emacs and Vim are great outlets for tinkering with productivity hacks. But the long-term solutions might need to be deeper.

[1] https://www.syntopikon.com/workflows/nicolas-rougier/


I'd argue that any tool or system of any kind is for when you are in need of assistance. Whatever gets you up to momentum each day, refreshes context, minimizes malaise, and maximizes just knocking things out one by one.

Let me frame it another way. If you did the couch to 5k over the course of a few months and succeeded, is it the app that got you to running consistently, or is it the fact that it kickstarted you into momentum? There is no ideal. There's whatever makes you feel like you did good work on the right things today, and that momentum for tomorrow seems like you've got the right tools in place to get there and forgive yourself when you fall off the wagon. Don't worry about specifics other than that whatever you engage in seems to give you momentum at a pace you find appropriate.


I looked at Logseq just yesterday exactly because I was trying to move somewhere from org-mode (due to its mobile limitations). Seems like Logseq just supports org-mode formatting but actually lacks a lot of org-mode functionality. One of these is time tracking (did I miss it?). That's an incredibly important feature of org-mode for me.


Logseq has rudimentary time tracking, but it’s fiddly and probably too limited to be useful if you have a serious time tracking workflow in org.


I play it here usually - https://www.freecivweb.org/

Looks like they also have a 3D version but I haven't tried it.


Thank god I did a control+F "web" before asking if there's a version one can play in a browser. What a time to be alive. Time for someone to make a proper, no-plugin-required Quake multiplayer game. Quake Live could've been it but the tech wasn't ready.

if anyone at id Software is reading this: do it. DO IT


There are some issues with it but I've played multiplayer Quake III Arena here: http://www.quakejs.com

There are also several other ports to JS. Most of them run amazingly well for being in a browser. At the very least it's nostalgic trying them out.


Thank you. Guess mods (like OSP/CPMA) don't work but still. Quake 3 on the web.

Forgive me for asking but judging from your nickname, you're likely from Bulgaria. If that's true, then it's amazing we don't know each other as the Quake community (now long dead) is rather tiny.

Edit: Well, it does not work in Firefox but I'll check it out later in Chromium. CPMA is the default I see. Truly amazing.

Edit 2: I am getting rock solid 120 fps on a Ryzen 5800H. On battery. This really made my day.


Glad you like it. No worries about asking, you're correct about the country but I'm just a casual gamer by choice and never put that many hours into Quake. Love the game but my main appreciation of it comes from the id history, Doom and even its influences on UT.


I'm still amazed when I play quake in a browser. This really shows the conjunction of decades of little things coming together. And it frustrates me a bit more when I see simple things lagging and being slow.


Full blown multiplayer 3d shooter rendered at 120 FPS vs a lagging infinite scroll. Same browser, different tabs.


It is reverted now. Thanks to everyone who participated in the revert.


Unfortunately, I can't understand why people who downvote and don't agree with you are considered racist. They just have a different opinion, and they are probably affected by the rename in the same way as someone may be affected by the word "Master", for example.


So as far as I understand, Hans (the author) is a FreeBSD maintainer and he made the change in the source code. The community isn't happy about it (based on the email thread).

Is there any person who can actually revert the change ignoring Hans? How does it work in FreeBSD?

I'm quite unhappy with such changes. There are terms I am used to, and I never thought about those terms as having any bad meaning. Are people who rename Master to Main latent racists? Why, by reading "Master", do they think about slavery?

It would be much better if we voted for such changes. Maybe give a voice only to people who potentially may be offended by such words. Hans doesn't look like a person who can be offended by the word Master though...

A very sad tendency is happening.




How do you feel when people say "Brazilians are <something derogatory and true for 0.1% of your population>"?

Because this is how I feel when reading "Europeans LOVE to..."


It's really disappointing. Is there anything we, as a community, can do about all these strange changes?

Unfortunately by trying to not offend some people such changes offend others. Such changes are controversial and hence should be voted for.

