cm0002

The team behind the popular open-source, cross-platform password manager KeePassXC has provided a detailed explanation of how AI is utilized in its development workflow, addressing community concerns raised following a recent update to the project’s contribution policy, and, more specifically, in the AI-related aspects.

In its announcement, the team stresses that AI assists developers during the review and drafting process, but no AI-generated code is merged into the KeePassXC codebase. The application itself remains fully human-written and continues to follow the rigorous security standards that its users expect.

While the "Nova" driver continues to be developed as a modern Rust-written, open-source and in-kernel NVIDIA graphics driver for Linux, for the time being Nouveau is what's working for end-users for those wanting a mainline open-source NVIDIA graphics driver for gaming and other workloads. With Linux 6.19 the Nouveau driver is picking up support for handling larger pages as well as compression support.

Sent out today was the latest round of drm-misc-next updates intended for Linux 6.19. Standing out there on the Nouveau side is enabling support for larger pages and compression support.

We're finally getting another proper modern rally racing sim with Assetto Corsa Rally out now in Early Access. Thankfully, it won't be in Early Access forever, as they think it will only take around 18 months to finish it all up.

And, surprisingly, even though it's using Unreal Engine 5 most of the early reports on it have been quite positive. It even has a Very Positive rating on Steam. Over email the developers noted how "Supernova Games Studios has extensively customized and optimized Unreal Engine 5 to meet the specific performance and visual fidelity needs of racing simulation".

After extensive testing, it's finally here: the new SHIFTphone 8.1 with iodéOS is now available at NovaCustom! It's a privacy-friendly phone that's not only user-friendly and secure, but also sustainable and fully modular. This smartphone stands for privacy, security, freedom of choice, and repairability: values that perfectly align with NovaCustom's mission.

• https://novacustom.com/privacy-friendly-phone/

Why NovaCustom and SHIFTphone are the perfect match

At NovaCustom, we believe that users should have control over their own hardware and software. The SHIFTphone is perfect for this in terms of hardware: it has a modular design and is easy to repair. In terms of software, the original product is less than ideal: it comes with Google software as standard. NovaCustom replaces that software with iodéOS by default. This is an operating system without Google services (only microG, but it can also work without it!). This gives you a privacy-friendly phone with maximum control over your data.

Fully modular and customizable

NovaCustom launches the SHIFTphone 8.1

Whether you want to replace a screen, insert a new battery, or simply tinker with your smartphone yourself, the SHIFTphone makes it possible. No glue, no frustration, just pure freedom. NovaCustom has been supporting this principle for years with configurable laptops, and now we are bringing that same idea to smartphones.

One reporter with whom Epstein connected frequently was Landon Thomas Jr., a financial journalist at the New York Times. Thomas exchanged dozens of emails with Epstein between 2015 and 2018, years after the financier’s conviction for soliciting a minor.

In the emails, Thomas tipped off Epstein about inquiries by other reporters and claimed to have vouched for Epstein, whom he said he called “one hell of a guy.” In one exchange, Thomas coached Epstein on how to repair his reputation.

The relationship was a two-way street. Epstein, who died in a Manhattan federal jail in 2019 awaiting trial on charges of sex trafficking, was reportedly a valued source for Thomas. In the emails released Wednesday, one of the topics Epstein fed information to Thomas was about Donald Trump’s allegedly lecherous behavior. In the exchanges — through his trademark style of lowercase letters and abundant typos — Epstein alludes to Trump’s predilection for young women.

I recently had a discussion with a good friend about fishing minigames, and just wanted to share it online for no particular reason. ;)

In most other games where fishing is an optional side task, it either boils down to ....

• RNG / sheer luck with very little opportunities to improve anything. Most Pokémon games are an example here: you cast your line then push a button and you get what you get. There is no way you could learn to push the button in a more skillful way, so the player can not improve. This is especially bad if you can get a certain Pokémon or evolution item only by fishing, because it means you'll either get lucky and immediatly get what you want, or you spend three weeks straight sitting in the same spot without making any progress. And you can not change anything about that.

• Upgrades alone. To catch better fish, you need better rods and/or bobbers. That's it. There's no minigame to learn, just the "push button to reel in" mechanic again. An example for this would be Terraria, which offers a huge amount of possible upgrades for your equipment but ultimately no actual "minigame" because you just need to push one button to get your fish out of the water.

• Skill alone with no way of improving things in a meaningful manner. An example for this would be the Fishing Hole in Twilight Princess. Beautiful environment, nice animations, gorgeous music - but if you suck at the minigame, then you suck forever. There's no way to make the process easier without "in-game" cheating (Sinking Lure, but the owner will not accept anything caught with it so it is pretty pointless to get it in the first place).

• Obnoxious button mashing. Personally I just hate this so, so much ... it is uncreative and annoying. As much as I like Dragon Quest Builders otherwise, but their fishing minigame is a prime example of this. Try catching an XXL Whale Shark without getting a cramp and/or ruining your controller....

• Minigame doesn't feel like fishing. An example would be FF12 where the "fishing" is done by repeating the button combinations on the screen as fast as possible. They could have used the same mechanic for drastically different minigames (like a crane game or a mini version of Street Fighter) and it wouldn't have made any difference. It only counts as a "fishing" minigame because the game says so. Oh and you don't even GET fish this way, because all rewards for this minigame are potions and rocks and money.

Now Stardew Valley on the other hand has, in my opinion, the best mix of all of these factors. There is RNG involved to a certain degree to keep things interesting, but you also get numerous ways to improve your odds.

It takes a certain amount of skill to keep the bobber inside the green line, so the player actually has a chance to "git gud" even without having to rely on in-game upgrades.

...but if you really can't get the hang of the minigame itself or have slow reflexes (for medical reasons etc.), you can still yield better results by using better rods, different bobbers, better bait, food bonuses and the like, or levelling up your character's fishing skill.

It is a super simple game (in a good way!) and has easy-to-understand mechanics without monotonous button mashing.

It also feels a lot more "lively" because the sole dev made sure that different fish behave differently, like that the bar barely moves when you reel in a slow fish like carp but will jump around like Sonic on crack when you hook a Lava Eel. The green bar "darting" also has a kinda similar feel to IRL fishing (better than repeating button combinations at least) since you have to respond to the fish's movements and give the line some slack in the right moment (not just bluntly reeling in until the line snaps).

Plus, there's actually lots of other stuff you can DO with the fishing minigame that overlaps with other tasks and features the game has to offer, like crafting worm bins to get your personal source of bait or tossing your catch into your own pond on the farm where they multiply over time and can net you other produce like for example caviar from sturgeons. You also sometimes need specific fish to cook a certain dish, there are villager requests centered around catching certain amounts of lake / river / ocean fish to "reduce their numbers" and many more.

There's even a villager request to fish garbage out of the lake to clean it up, and some fishing garbage can be recycled into valuable crafting components. This is a massive improvement over some other games where the respective minigame feels disconnected from the rest of the gameplay, and you simply fish to sell the catch and nothing else.

Also a nice touch that the only non-legendary fish that doesn't reproduce in a pond is the tiger trout. This hybrid species is infertile IRL and I was pleasantly surprised that Concerned Ape would include such a small but crucial detail in a game that isn't even primarily about fishing. ♥

There are a ton of other things I love about Stardew Valley, but this particular minigame is simply peak top tier fishing minigame design.

OC text by @justlookingfordragon@lemmy.world

As you know, GrapheneOS is a privacy‑ and security‑focused, independent Android‑based distribution for smartphones. With the mobile market dominated by just two major advertising giants—Apple increasingly joining the ranks—we urgently need genuine alternatives. GrapheneOS stands out as the sole platform that lets users enjoy modern features without compromising their freedom, privacy and security.

Please consider supporting the GrapheneOS project in this year’s Proton fundraiser.

Hello, this is a continuation of my previous post where I explained how to Set-Up a Remote Desktop experience fully encrypted for you or friends to use in your Machine

In that post I received a comment basically asking for what we're about to do and I believed it to be a cool idea to integrate Containers to basically be able to spin-up Full Virtual Desktops on demand, with the Pros and Cons that entails (more on that at the end); so

Let's establish things

• We're using the previous post as a baseline, I'll assume everything there has been Set-Up as explained and we'll focus on understanding and fabricating the Container here and the SSH environment; If you have read and done what's in the post previously, please take a look again I have updated it to a better version that's basically required for things to work here, particularly pipewire
• Everything established on the previous post holds true, we will be using wlroots Wayland; Pipewire, SSHFS and a Terminal Emulator for all our interactive needs
• I'll be using Podman in Arch Linux with an Arch Linux container image, it would be best you stick to an image of your same Distribution

Where do we start?

First we better install Podman as things are straight up not going to work without it so refer to your Distribution's instructions on how to install it and get rootless support going, it's really easy

Now that the hard part is done let's get to Build a Container Image, we will be building an image for each user we want to have to make things easy and have a reproducible environment should the user want to restart their Space

We have to build a Containerfile like this;

# Base distribution image to use
FROM archlinux 
# Set the user name with a variable passed from the shell
ARG USER=$USER  
# Create the Home Folder in the image
WORKDIR /home   
# Create the user Home folder in the image
WORKDIR ${USER} 
# Distro-Specific set-up for the package manager inside the image
RUN pacman-key --init  
# Distro-Specific set-up for the package manager inside the image
RUN pacman-key --populate archlinux  
# Installing base user packages inside the image
RUN pacman -Syu base-devel sudo bash htop git nano fastfetch curl wget --noconfirm --needed 
# Making ALL users able to use SUDO
RUN echo "ALL ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers  
# Copy userspace initialization script into the image
COPY ./initialization.sh /initialization.sh
# Make initialization script executable inside the image
RUN chmod +x /initialization.sh 
# Set the user's default entrypoint to the BASH shell
CMD /bin/bash 

Take a moment to read the comments on each of the Lines, as we preferably adjust things to match our Distribution of preference, all Distro-Specific steps should be replaced to match what your Distribution needs, and also what you want there to be on container for your user available from the get-go

There are 3 elements to take note of;

• ARG USER=$USER; this will be a variable passed for usage during the build-time of the image and it's only use is to create the user's Home, as this is the best moment to do so
• RUN echo "ALL ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers; this will make all Users able to use SUDO which might seem risky at first but don't worry this will be undone as soon as the User gets control of the container; it is only for the Set-up Process to function
• COPY ./initialization.sh /initialization.sh and RUN chmod +x /initialization.sh; This is a script we're going to write next that will set-up the Container to be appropriately used like a Bare-Metal installation

Finished customizing your Containerfile to your needs? Next up we'll write that script I mentioned like this

echo "Welcome to your Personal Container, This script will ensure Userspace is properly initialized"
if [ "x${SUDO_USER}" = "x" ]; then
  echo "This script is not being run with SUDO, run it with SUDO or edit it to work with whatever elevated command system you're using"
  exit
fi

rm /home/"$SUDO_USER"/.bashrc
cp -r /etc/skel/. /home/"$SUDO_USER"
#echo "Please input your password for SUDO within the container"
#passwd $SUDO_USER
export PASSWORD="changeme"
echo "$SUDO_USER:$PASSWORD" | chpasswd
echo "$USER:$PASSWORD" | chpasswd
echo "Your (and root's) password within the container is: $PASSWORD"
echo "You can (and should) change it by invoking 'passwd' on both accounts!"

chown -R "$SUDO_USER" /home/"$SUDO_USER"
sed -i '$d' /etc/sudoers
echo "ALL ALL=(ALL:ALL) ALL" >> /etc/sudoers
echo "All done, this should be usable now!"
rm $0

This script is rather simple, but important, you see Containers are not usually built to be comfortable User Spaces but instead to be fast and discard-able, this is cool but with a bit of tweaking we can make it suit our needs, this is all that tweaking required all within the Container;

• We initialize the User's Home
• We give a default Password to the user and root to be able to restrict SUDO to only users who know their Passwords
• We restrict SUDO as mentioned and prompt the user to change their password
• We delete the Script

With the Initialization Script and Containerfile written up and saved in the same directory we have to give the User's account access to reading them both, I personally just copy them to their Home Folder; You can spin it to them however you'd like

Since Podman is being used rootless, we naturally want to Switch to that User's account (unless we already ARE the user) and get things set-up

First we Build the Container image with a recognizable name to make things easier for us AND passing the user's name as a Build Flag as we expect in our Containerfile, such a command could go like;

podman build --tag "$USER"_container --build-arg USER="$USER" </directory/to/containerfilefolder>

If that succeeds with no errors, we're basically done, next we should make the user's home inside the container a folder that's inside their real Home, so that all their files are accessible through Remote File Sharing; so for example

sshfs_directory="$HOME"/."$USER"_container
mkdir -p "$sshfs_directory"

And then the indispensable part about this, we make the user's container run the initialization script as sudo first of all on first start by adding it to their .bashrc

echo "sudo /initialization.sh" >> "$sshfs_directory"/.bashrc

As the script removes both .bashrc and itself this won't happen every time, only the first run of the Container

Finally we're ready to create the Container, I have compiled this podman create command with everything that's necessary so like;

podman create -ti \ # Make the Container interactable 
--mount type=bind,src="$XDG_RUNTIME_DIR",dst="$XDG_RUNTIME_DIR" \ # Mount Real user's runtime to the Container user's runtime, allowing Remote Clients to connect into the Container
--mount type=bind,src="$sshfs_directory",dst=/home/"$USER" \ # Mount Real user's Home Container Directory into the Container's user Home directory
--env=XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \ # Pass the Real user's runtime directory variable to the Container's, needed for all Runtime applications to work
--env=USER="$USER" \ # Set the user as the USER envrionment variable inside the Container like all SHELL logins do which is expected by a lot of things
--env=SHELL="$SHELL" \ # Set the Container's SHELL environment variable which is really useful
--device /dev/dri:/dev/dri \ # Give the container access to the Graphics Hardware of the Machine
--device /dev/snd:/dev/snd \ # Give the container access to the Audio Hardware of the Machine
--userns keep-id:uid=$(id -u),gid=$(id -g) \ # Run the Container as a full-copy of the user which is super necessary for things like running Wayland and Accessing container Files from Local or Remote
--name "$USER"_container \ # Naming the container appropiately to easily identify and start or remove it
--hostname "$USER"_container \ # Naming the container's runtime to be easily identified
localhost/"$USER"_container # Use the container image we just built

After you're done understand what's going on, make sure to delete all the comments (The # and everything after each line) otherwise the command will fail

This step can take some time, as Podman has to do quite some processing to put the User's namespace to use within the image given, so give it time

After that succeeds, our user could log-in through SSH and start using the Container IF they're not gonna use Wayland or Audio, we have to set-up both of these for the Container to use after each log-in, this is easy, we just have to add some lines to the real user's .bash_profile (outside the container!) to do everything on each SSH log-in for example;

if ! [ "x${SSH_TTY}" = "x" ]; then
  export PULSE_SERVER=unix:$(find $XDG_RUNTIME_DIR/pulse-server-* | tail -n 1)
  podman update --env PULSE_SERVER=$PULSE_SERVER "$USER"_container
  if ! [ "x${WAYLAND_DISPLAY}" = "x" ]; then
    podman update --env WAYLAND_DISPLAY=$WAYLAND_DISPLAY "$USER"_container
  else
    podman update --unsetenv WAYLAND_DISPLAY "$USER"_container
  fi
  podman start -a "$USER"_container
  exit
else
  podman update --unsetenv PULSE_SERVER "$USER"_container
  podman update --unsetenv WAYLAND_DISPLAY "$USER"_container
fi

This is a modified version of the .bash_profile explained in the first post, here we just add commands to update the container's environment variables as needed since these are volatile on each SSH log-in and are required for Wayland and Audio to work properly

Also take notice, we have added "podman start -a "$USER"_container" and "exit" one after the other on .bash_profile, this basically jails the user into using the Container on SSH log-in as their session will only start once they are inside it and be immediately terminated once they exit it, they will be unable to do ANYTHING outside the Container and to me this is desirable behavior, if you're not into that you can remove it and the container will just be an option to them

However should you also wish to do this, make sure to keep .bash_profile read-only to the user as with remote file access they can modify it by accessing it through Remote File Sharing

Speaking of Scripts, how does that look for the user? It mostly looks the same as the first post but just for a refresher here's an example script for connecting to our Remote Host;

mkdir -p "$HOME"/.remote_files
sshfs -p 7777 user@192.168.100.2:"$HOME"/."$USER"_container "$HOME"/.remote_files
waypipe --video h264 ssh -p 7777 -l user -R $XDG_RUNTIME_DIR/pulse-server-"$RANDOM":$XDG_RUNTIME_DIR/pulse/native 192.168.100.2
umount "$HOME"/.remote_files

And that's it, we're done, next log-in through SSH your user will be dropped inside a Container, where as far as I've tested, works pretty well for a Virtual Desktop

The obvious advantage of doing all of this is

• The User can install and run any software without requiring root to intervene as they can do anything they want on the Container
• The Administrator can easily limit the Resources a guest user can access (CPU, RAM, GPU) with podman commands should they wish to offer an affordable workspace for them (check the documentation for this)
• If the User's space is compromised, the problem is only as big as the user's access to the real user's permissions
• As opposed to Virtual Machines, this set-up only occupies resources on demand and has minimal overhead

While the obvious disadvantages basically summarize as It's not as flexible as a Virtual Machine

But I still find it novel and useful for testing software before committing but for example you could donate me a container like this in your machine since I could use the processing power ;) off

That's all from me today, Have suggestions? Let me know what can be done better and I’ll update this post, thanks for reading and have a good one

Author @Coki91@lemmy.world

Hello, I am writing this because this topic was at first a question I had and I couldn't find an answer to it, information about it online is scarce and outdated so here I am to share what I have figured out; so

Let's establish things

• Remote Machine = The device processing the program/audio and holding the files, streaming them over to the Local Machine
• Local Machine = The device which initiates the connection to the Remote Machine, hears the audio, interacts with the programs and receives the files requested

What we'll be using (L/R means Local or Remote respectively)

• SSH (openSSH) L&R
• waypipe L&R
• pipewire, pipewire-pulse and wireplumber L
• sshfs L
• Any wlroots based Compositor L
• Any Terminal Emulator L
• FUSE L

In my case my compositor of choice will be Labwc, keep in mind all of the components used have a lot of options and you could benefit from checking out whats hot in each of them, I will only cover settings up to things WORKING

First things first install the packages and on the Local Machine make sure you have your sound system running for your User, if you hear audio already you should be okay otherwise review your specific distro documentation on how to start the services

For example on Arch: systemctl start pipewire pipewire-pulse wireplumber --user

Next is to start your Compositor of choice and open up a terminal emulator, you should first make a connection from the Local Machine to the Remote Machine with SSH and your credentials so

For example: ssh -p 7777 -l user 192.168.100.2

Managed to connect to your Remote Machine? Great now we'll need to do the set-up, we're going to need to make an environment variable set automatically on each SSH login

This variable has to set-up on SSH LOGIN ONLY as to not disturb the Remote Machine's local audio playing for when it is used locally, there might be many ways to setup this, in my case I'm gonna add this line to ~/.bash_profile

For example: if ! [ "x${SSH_TTY}" = "x" ]; then export PULSE_SERVER=unix:$(find $XDG_RUNTIME_DIR/pulse-server-* | tail -n 1) fi

This will automatically execute on login, evaluating if it's an SSH login, and adding the environment variable PULSE_SERVER which will tell applications running locally (On the Remote Machine) that the audio socket is the SSH socket we will forward, which sends it back to your Local Machine's Audio Service (Encrypting it)

Next we would like to remove the audio socket when we're done so it doesn't bloat our filesystem right? We can add a script to ~/.bash_logout for this purpose just like we just did

For example: if ! [ "x${SSH_TTY}" = "x" ]; then rm ${PULSE_SERVER#*:} fi

When this is done, we can exit the Remote Machine's shell and everything is basically ready on the Remote Machine

Now on our Local Machine we have to modify our SSH command to forward the audio socket we have mentioned prior

For example: ssh -p 7777 -l user -R $XDG_RUNTIME_DIR/pulse-server-"$RANDOM":$XDG_RUNTIME_DIR/pulse/native 192.168.100.2

The important part is -R $XDG_RUNTIME_DIR/pulse-server-"$RANDOM":$XDG_RUNTIME_DIR/pulse/native which creating the UNIX Stream socket on the remote machine and giving it the name "pulse-server" + a random number to prevent multi-session conflicts and linking it to your Local Machine's audio socket

This makes applications on the Remote machine talk directly to your Local Machine's audio server and playing it there, everything basically functions as if it were running Locally, due to this the audio stream is uncompressed, you might want to add -c to the SSH command for all the data to be streamed with compression if you have limited data plans

Next up we should set-up waypipe, this application allows forwarding both Wayland native applications AND wayland compositors themselves, so if there is an X11 only application you can't forward through Waypipe, you can start a compositor instead and use it from there (Wine games, to say my use case) just like a Remote Desktop

For example: waypipe --video h264 ssh -p 7777 -l user -R $XDG_RUNTIME_DIR/pulse-server-"$RANDOM":$XDG_RUNTIME_DIR/pulse/native 192.168.100.2

In my example command, I use hardware accelerated video encoding which greatly increases performance, you may just want to use waypipe alone however which uses default settings, I highly recommend reading waypipe documentation for achieving the best performance for your setup and test it with your application of choice

For example: WLR_RENDERER=gles2 Labwc (executed on the Remote Machine Shell, will open it on your Local Machine's Compositor)

Finally, for setting up Remote File Access we use sshfs prior to connecting to the Remote Machine, this utility mounts a Remote Filesystem on a local directory through SSH and FUSE using the sftp protocol which is all encrypted

For example: sshfs -p 7777 user@192.168.100.2:/home/user/RemoteDirectory/ /home/user/LocalDirectory/

Nice, now we have it all set up and ready to work, we can finally make it convenient to use, in my case I prefer to run all of this as a script easily accessible on my terminal as a single command that executes the script located on my scripting environment, and we add two more commands that just unloads the Remote Filesystem mount when we're done

For an example script:

sshfs -p 7777 user@192.168.100.2:/home/user/RemoteDirectory/ /home/user/LocalDirectory/
waypipe --video h264 ssh -p 7777 -l user -R $XDG_RUNTIME_DIR/pulse-server-"$RANDOM":$XDG_RUNTIME_DIR/pulse/native 192.168.100.2
umount /home/user/LocalDirectory/

Let's say we create this script and it's saved in our home folder, we just have to make it executable (chmod +x scriptdir) and run it from our Terminal Emulator

For example: ./Remote\ Machine1.sh

And it will automatically set up everything for us and ask for our Credentials, we have a perfect workspace that imitates that of a remote desktop experience, on Wayland (may not be exclusive to this but that's what I'm doing here)

Did I miss anything? Have suggestions? Let me know what can be done better and I'll update this post, thanks for reading and have a good one

Author @Coki91@lemmy.world

Following the mainline Linux kernel support for the VisionFive 2 RISC-V single board computer from StarFive, Linux kernel patches are on the way for their new VisionFive 2 Lite low-cost offering. With the StarFive VisionFive 2 Lite this RISC-V board can be procured for as little as $19.9 USD as one of the cheapest yet fairly capable RISC-V SBCs.

The VisionFive 2 Lite is a recently crowd-funded effort from StarFive Tech with the cheapest 2GB version costing just $19.9+ USD while 4GB of RAM and WiFi will cost $30+ and 8GB with WiFi at $37+.