It’s fantastic they were able to find these issues!
That four new CVEs (two high-severity!) were found in a mature and well-tested library like png reminds me how non-trivial and unforgiving software engineering can be.
Security flaws are often just waiting behind the corner: this should be a humbling lesson for all of us.
Xdotool and Xmodmap are the two main reasons why, after a few months running Wayland+keyd+dotool, I went back to X11. I found it really hard to have the following things working at once:
- Italian layout for my keyboard with heavily-customized AltGr keys for mathematical notation (in X11 it's just a matter of having a Xmodmap file)
- Using Espanso for many common shortcuts like :date: (current YYYY-MM-DD date) and :pidigits:
- A reasonable way to run Windows in a VM while using an Italian layout for my keyboard
- The possibility to use automation scripts using something as close as possible to xdotool
- Sometimes I use my home keyboard, sometimes I use my work keyboard, and sometimes I use my laptop keyboard. I expect the system to work in the same way regardless of my input device
It's not that Wayland prevents one from doing all this stuff, but the available solutions were fragile and complicated and took me so long before figuring out solutions that only worked partially... For instance, to make keyd work as expected, I was forced to set up my Italian keyboard as an English keyboard and then remap all the keys manually... And every time I plugged a new keyboard, I had to tell keyd to enable my customizations on it, because telling it to use the layout with any keyboard conflicted with VirtualBox.
I understand that X11 is too complicated to be maintained, but from a user's perspective, so far I am far more efficient in X11.
What's wrong with this case? Virtual machine reports invalid key codes to the guest? You need to have the proper layout in Windows, as (virtual) hardware only reports key codes.
A few months have passed and I might not remember everything correctly, but there was a series of problems:
- I use several symbols as Greek letters (α, β, γ…) and mathematical operators (×, −, ·, ∂…), and after much digging I found that the only way I could make keyd work with them was to choose a US keyboard layout. So, I had to write a configuration file for keyd to remap not only the special characters listed above, but every character of the Italian keyboard (è, é, ò, à, ù…). This extensive remapping then required an exception for Espanso to prevent `keyd` from intercepting its virtual keyboard output.
- However, this forced US-layout setup created a conflict with VirtualBox that I was unable to solve. When I installed Windows and selected the Italian layout inside the VM, the guest OS received the raw key codes corresponding to a US physical keyboard (due to the keyd remapping layer). Since the guest OS expected Italian key codes, all the standard Italian keys (like è, à, ò) stopped working correctly. Without keyd enabled, the standard Italian layout worked perfectly in the VM.
- The attempts to create application-specific exceptions (e.g., to disable keyd for the VM window) using tools like keyd-application-mapper did not function correctly in my KDE environment because of known issues in these tools.
- Finally, introducing new hardware like my Corsair keyboard added another layer of complexity, as its Linux driver (ckb-next) was incompatible with the active keyd remapping layer. This was the point when I decided to revert to X11.
I should definitely collect all these details and write a blog post about it…
As others have commented, this trick alone cannot ensure truly "reproducible" builds.
We used the same trick (git hash + git diff to monitor uncommitted changes) in a Python simulation framework we are developing for the JAXA/EU space mission "LiteBIRD." [1]
> C++17 mode is the default since GCC 11; it can be explicitly selected with the -std=c++17 command-line flag, or -std=gnu++17 to enable GNU extensions as well.
which does not imply a change in an obscure feature (bootstrapping) that would only affect a few users.
That seems very likely. One of the first things I'd noticed back in the early 90s when I got my shell account and used Pico for the first time was that the UI was similar (not an exact copy, mind you) to how WordStar was, with some basic guidance at the bottom to get you started.
Also kind of reminds me of the old Telix terminal software for MS-DOS, with the bottom status bar. Not exactly the same, but again quite similar in the approach to have you just quickly glance at the bottom of your screen for a HUD.
I run Kitty and use this feature regularly. Most of the time, I rely on it within Yazi [1], a TUI file manager, but I can also display plots within the Julia REPL, thanks to the KittyTerminalImages.jl package [2]. It's even more crucial when I'm navigating a remote directory and need to check an image file, as I usually have timg [3] installed on those servers. Once you discover how valuable this is, it becomes a permanent part of your workflow.
Definitely. I use KittyTerminalImages.jl often, and also the image.nvim plugin for embedding images into a Markdown or other buffer in Neovim: https://github.com/3rd/image.nvim
What strikes me is the fact that nuclear power has received an incredible amount of backlash after the Chernobyl incident (a few thousand deaths) and the Fukushima incident (one disputed death), but hydroelectric power is considered a "good" source of energy despite a few incredibly deadly incidents:
- Banqiao (China, 1975): between 26.000 and 240.000 [1]
- Derna (Libya, 2023): between 6000 and 20.000 deaths [2]
I think this line of thinking comes from a westernized world where all water is controlled.
Many dams have been built around the world not for power generation, but to control flooding. The power generation is a secondary concern.
In aggregate, dams have saved far more lives by managing flood waters.
The great thing in 2025 is that we don’t need either the dam or nuclear risk for our electricity needs.
Just build renewables and storage and the risk for the general public is as close to zero as we can get. The only people involved in accidents are those that chose to work in the industry installing and maintaining the gear.
We should of course continue to focus on workplace safety but for the general public the risk of a life changing evacuation, radiation exposure or flood from dam failure does not exist.
As you say, dams are a net positive, and while failures do happen, these days we tend to be wiser about where we put PHES in particular.
I guess I’m surprised it isn’t more of an option for California - the U.K. uses Snowdonia as a giant battery, and afaik there’s been one failure of a dam that wiped half of Trefriw off the map a century ago - which wasn’t hard as it’s a speck of a place. Since then the lakes have pretty reliably and safely provided somewhere to stick excess energy, and now are largely pumped by the offshore wind arrays nearby.
California has big mountains, but I’m not sure if the geology or terrain is right for PHES.
In Quebec, most of the dams are in the middle of nowhere, but your point still stands.
There are costs/risks for most forms of power. If you're in an environment where wind and solar can make economical sense, go for it. For reliable base loads, I still think order of preference should be:
- geothermal (very rare and hard to do at scale, though)
- hydro
- nuclear
- natural gas
- oil/diesel (at very small, localized levels eg remote villages)
If a nuclear reactor was bombed during the war, would the resulting deaths be counted as a nuclear disaster and used as argument against it, or just another war crime? Depends who you ask I'd say.
Does that really matter? The cleanup costs are still socialized.
It is time we move on from the fossil tradition of socialized losses on private profits [1] and instead let the nuclear industry bear their true insurance cost.
Then I suppose nuclear power is also a scam given that 45% of the capacity in Sweden was out last week and we all know how it went for the French during the energy crisis. [1]
The electricity grid is fundamentally running on marginal cost. How will you force everyone with rooftop solar and home batteries to buy horrendously expensive new built nuclear power when they can supply their own electricity?
I am just correcting misinformation and disinformation.
And no, you suppose incorrectly.
Intermittent renewables are a scam, because they get to privately reap benefits and socialize their costs, particularly their intermittency.
They can be useful, as long as they have to bear the costs of being intermittent. That means at minimum no feed-in priority and no fixed and/or guaranteed feed-in prices. Ideally, they would be required to either (a) provide guaranteed power or (b) only be allowed to feed in after all the reliable plants.
This tells me you don't know how a grid works. You do know that the demand is variable right?
With the same reasoning nuclear power is a scam because it can't adapt to the grid demand and forces gas peakers to sit in standby. Socializing the losses, to use your words.
In California the grid shifts between ~15 GW at the minimum and 52 GW at the peak.
When studies have looked at the difference in dispatchable power required comparing majorly renewables or nuclear powered grids when meeting a true grid demand the difference is quite small.
It does favor nuclear power but the differences are not significant in the grand scheme of things when factoring in the absolutely stupid cost for new built western nuclear power.
These studies of course did not take into account 45% of the nuclear fleet being offline, they modeled it based on their average ~85% capacity factor.
Or are you suggesting that we should have peaking nuclear plants to match grid demand? So it isn't a scam for the ratepayers?
The one who doesn't know how the grid works is you.
Some demand is variable. But a lot (usually most) is not. So having reliable base generation is highly valuable and not having that base-load generation ramp up and down is a feature, not a bug.
Intermittent generation is not variable, it is intermittent. Whereas to meet variable demand it would need to be dispatchable. Look it up.
Intermittent renewables are not dispatchable. Not even a bit.
The US nuclear fleet's CF has hovered over 90%. France's is only in the high 70s or low 80s because they do extensive load following (the stuff you say nuclear can't do...they've only been doing it for four decades or so).
France took its fleet offline in the summer of 2022, because that is where demand is lowest and generation from intermittent renewables is highest, for example Germany typically has to give away lots of electricity (or even pay consumers to get rid of it) because of their guaranteed feed-in.
In the end, France had to import only 4% of its electricity even in 2022, and most of that was in the summer, again where electricity prices are lowest because of high generation and low demand. And during all the other years it tends to be largest exporter of electricity in Europe if not the world.
So it is apparently fine to balance a nuclear grid with fossil fuels????
Just pretend that the fossil fuels don’t exist by exporting the nuclear electricity and have someone else build them and balance both grids!
What do you think would happen if you tried sticking two French grids with an over supply of nuclear powered electricity when no one wants the electricity next to each other?
You mean the brownouts storage and renewables have now completely fixed?
Yeah, way faster than handouts to new built nuclear power and waiting until the 2040s for the solution!
> Sweden just approved new nuclear construction, after rescinding a nuclear exit.
Yes. The current government has spent soon four years pushing paperwork around. They want nuclear power without having to accept the costs.
They seem to not want to have the costs associated with new built nuclear power subsidies on their political records for their entire careers.
I bet they will push through a monstrous handout package the final weeks before the election next September and then spend years crying about it being cut.
That's a fair point. I think the author intended the post to be a treasure trove of ideas for your own scripts, not as something to blindly include in your daily workflow.
It has been said that Italy is extremely vulnerable to fake news. I am not sure that we are more vulnerable than others, but it is a fact that local media provide news that is sloppy at best if not even willfully deceitful.
A couple of examples found in a book I read recently about the Fukushima incident:
- “Tokyo, a capital in agony. «We will never live here again.»”, from La Repubblica (March 20th, 2011) [1] The lead paragraph of the article reads, “Fear and nightmare of radiations: four million have already fled what was perceived as a model city”. At the time, Tokyo had 13 million people; a loss of 4 million would have meant a catastrophic collapse of the city and would have been recorded by the local media. None of this happened.
- “Fukushima, ten years after the tsunami and nuclear disaster. A return to normalcy amid abandoned lands and fears of radiation”, from Il Fatto Quotidiano (March 11th, 2021, ten years later) [2]. The lead paragraph says, “It was the worst nuclear disaster since the Chernobyl accident in 1986. Twenty thousand people died.” The number 20,000 refers to the victims of the tsunami, but there is only one (disputed) victim caused by the nuclear accident.