Planet Alpha Nsa

Learn about NSA's role in U.S. Includes information for students and educators, cybersecurity professionals, job seekers/careers, and also partners and affiliates.

So you have probably seen the announcement. I am so happy and proud of this effort as it comes as the culmination of our hard effort over the last 6 years to drain the swamp and make Linux a more viable desktop operating system.I am also so happy and proud that Lenovo was willing to work with us on this effort as they provide us with an incredible opportunity to reach both new and old Linux users around the globe with these systems, being the worlds biggest laptop maker with the widest global reach.

Because one important aspect of this is that Lenovo will provide these laptops through all their sales channels in all their markets. With GTK 4 getting closer to completion, now is a good time to provide an overview of how custom widgets will look in GTK 4.This series of posts will look at the major aspects of writing a widget, and how they changed compared to GTK 3. The articles will provide a high-level overview; for a detailed checklist for porting an application to GTK 4, look at the. IntroductionThe general direction of our API changes has been to emphasize delegation over subclassing.

One of the motivations for this is to make writing your own widgets easier and less error-prone. As a consequence, you will see a lot more auxiliary objects that take over aspects of functionality from core widget classes. And many widgets are now final classes – deriving directly from GtkWidget is expected.Another general trend in our API is that “everything is a widget.” In GTK 3, we slowly broke up complex widgets into their constituent parts, first with CSS nodes and then with gadgets. In GTK 4, for example the trough and the slider of a GtkScale are fully formed sub-widgets which can maintain their own state and receive input like any other widget.A big loser in the GTK 4 transition is the GtkContainer base class. It has become much less important. Any widget can have child widgets now. Child properties have be replaced by layout children and their properties.

And all focus handling has been moved from GtkContainer to GtkWidget.Another big loser is GtkWindow. In GTK 3, all the “popups” (entry completion, menus, tooltips, etc) were using a GtkWindow underneath. In GTK 4, most of them have been converted to popovers, and the GtkPopover implementation has been untangled from GtkWindow.

In addition, many pieces of toplevel-specific functionality have been broken out in separate interfaces called GtkRoot and GtkNative. OutlookIn the next post, we’ll look how widgets in GTK 4 do their own drawing with render nodes. Talk is in Spanish. If interested you can ask or comment at the. The recording quality is not good enough: it’s the first time I record a talk with the amazing application.

It’s not a great work but it does the job. JClic published at FlathubI’m very happy to announce the JClic educative opensource application! The Linux kernel lockdown patches last year, which means they're now part of multiple distributions. For me this was a 7-year journey, which means it's easy to forget that others aren't as invested in the code as I am.

Here's what these patches are intended to achieve, why they're implemented in the current form and what people should take into account when deploying the feature.Root is a user - a privileged user, but nevertheless a user. Root is not identical to the kernel. Processes running as root still can't dereference addresses that belong to the kernel, are still subject to the whims of the scheduler and so on. But historically that boundary has been very porous.

Various interfaces make it straightforward for root to modify kernel code (such as loading modules or using /dev/mem), while others make it less straightforward (being able to load new ACPI tables that can cause the ACPI interpreter to overwrite the kernel, for instance). In the past that wasn't seen as a significant issue, since there were no widely deployed mechanisms for verifying the integrity of the kernel in the first place. But once UEFI secure boot became widely deployed, this was a problem. If you verify your boot chain but allow root to modify that kernel, the benefits of the verified boot chain are significantly reduced. Even if root can't modify the on-disk kernel, root can just hot-patch the kernel and then make this persistent by dropping a binary that repeats the process on system boot.Lockdown is intended as a mechanism to avoid that, by providing an optional policy that closes off interfaces that allow root to modify the kernel. This was the sole purpose of the original implementation, which maps to the 'integrity' mode that's present in the current implementation. Kernels that boot in lockdown integrity mode prevent even root from using these interfaces, increasing assurances that the running kernel corresponds to the booted kernel.

But lockdown's functionality has been extended since then. There are some use cases where preventing root from being able to modify the kernel isn't enough - the kernel may hold secret information that even root shouldn't be permitted to see (such as the EVM signing key that can be used to prevent offline file modification), and the integrity mode doesn't prevent that.

This is where lockdown's confidentiality mode comes in. Confidentiality mode is a superset of integrity mode, with additional restrictions on root's ability to use features that would allow the inspection of any kernel memory that could contain secrets.Unfortunately right now we don't have strong mechanisms for marking which bits of kernel memory contain secrets, so in order to achieve that we end up blocking access to all kernel memory. Unsurprisingly, this compromises people's ability to inspect the kernel for entirely legitimate reasons, such as using the various mechanisms that allow tracing and probing of the kernel.How can we solve this? There's a few ways:. Introduce a mechanism to tag memory containing secrets, and only restrict accesses to this. I've and it turns out to be hard, but this is probably the best long-term solution. Add support for privileged applications with an appropriate signature that implement policy on the userland side.

This is actually possible already, though not straightforward. Lockdown is implemented in the LSM layer, which means the policy can be imposed using any other existing LSM. As an example, we could use SELinux to impose the confidentiality restrictions on most processes but permit processes with a specific SELinux context to use them, and then use EVM to ensure that any process running in that context has a legitimate signature. This is quite a few hoops for a general purpose distribution to jump through.

Don't use confidentiality mode in general purpose distributions. The attacks it protects against are mostly against special-purpose use cases, and they can enable it themselves.My recommendation is for (3), and I'd encourage general purpose distributions that enable lockdown to do so only in integrity mode rather than confidentiality mode. The cost of confidentiality mode is just too high compared to the benefits it provides. People who need confidentiality mode probably already know that they do, and should be in a position to enable it themselves and handle the consequences.comments.

Before the event A. Coordinationa) The speakersThe idea was gathering all the Peruvian GNOME lovers to share our experiences with GNOME throughout all the past ten years to all our viewers around the world.(juazisco) is currently a chief in the IT area of the Health Public sector in Peru. He has been previously involved in the initiative(cfoch) is a member of the GNOME Foundation, GSoC mentor and ex- student. He also supported GNOME Peru events such as.(zodiafireworks) is a enthusiastic person who helped me in organizing previous GNOME events such as and.(aragcar) has been a designer for many FLOSS events I have organized for years. He participated in the. One of the first designs he did.(aweba) is a Frontend developer who has also participated in several GNOME events in Peru since 2016. She wrote most of her experiences with GNOME.(aggalex) is a student from Greece, and our only international guest. We have met in the GUADEC 2019 and we did together a workshop at.

We had two previous meetings before the event online as you can see in the pictures:B. AdvertisingFirst of all, the GNOME marketing team was informed, as well as the GNOME members through the.

I also documented this event in the.The event was promoted using the fan page from I and in the fan page of.Special thanks to who designed the poster for the event.C. Setting up the technologyWe basically did a streaming on Facebook using and to present GNOME 3.36. During the eventAs it was, the streaming started at 9am (Peruvian time). The speakers and myself were ready on time for the transmission. However, we only saw a few of people connected.

This is understandable due to time difference between UK and other parts of the world. During this quarantine time, people usually sleep late, and might wake up late to prepare their brunch around 11 am Anyway, we officially started 9:30 a.m. (Peruvian time).Our transmission lasted around 5 hours as it was planned. Thank to all the speakers that were connected the five hours in a raw. Fiorella Effio had prepared her GNOME on Ubuntu, but she did not do a presentation due to a technical issue.

We had very few views online ranging from 9 to 25 people. Some of them expressed interested in joining GNOME.In the UK, the event started in the afternoon and it finished at night time. I was so glad to arrange my first online event.

Special thanks to Angelou for his kind help. Greece has two hours ahead UK, but Angelou was always there for the meetings with our team.This quarantine time made me change the format of the GNOME parties I use to organize. We have celebrated the new version 3.36.1 with the usual balloons and selfies. I used cereals instead of a consistent cake.

After the eventOverall, I am satisfied and happy that new people showed interest in the GNOME project. The streaming has reached so far more than 6,500 people, and more than 1,700 views.You are so welcomed to see our event!Thanks to all the world! #stayHome #staySafe #stayEducated.

Modern optimizing compilers are. They have tons and tons of tricks to make even crappy code run incredibly fast. Faster than most people could write by hand. This has lead some people to claim that program optimization is something that can be left to compilers, as they seem to be a lot better at it. This usually sparks a reply from people on the other end of the spectrum that say that they can write faster code by hand than any compiler which makes compilers mostly worthless when performance actually matters.In a way both of these viewpoints are correct. In another way they are both wrong. To see how, let's split this issue into two parts.A human being can write faster code than a compiler for any given program.

!CDATAEndless have recently released the for their Linux based operating system. As someone who used to work there in product, and is still friends with a number of Endless-ers I upgraded my personal machine and checked it out. This is a “trip report” of my notes and may be a little bitty but I hope it’s useful feedback for the developers and designers and maybe encourages a few other people to give Endless a go.Things that are greatAlways the first thing to comment on with a new Endless release but the upgrade process driven by ostree is still class leading. A quick download, reboot and you’re in. And the reassurance of a quick and reliable rollback as well, always handy when testing a beta!The star of the show is the GNOME 3.36 improvements, which have been.

Many of these features have been on the Endless plan for years, some of them, like the login screen I remember discussing in the. It’s really exciting to see these kinds of long term projects delivering.The aforementioned new Login is the first change you’ll see, the new design means no animation judders in reveal on HiDPI screens. Revealing inline password peeking answers a big user need. It’s just a much slicker experience end to end.The new App Grid is just plain marvellous. It keeps the direct access to content of the initial design but the implementation now has a real solidity and materiality. With multiple pages the two finger scroll animation is a joy and it’s equally good on a touchscreen.

The new folder position, reveal and hide animation is good as well. Hello world again! I am thrilled to announce that I am organizing the GNOME PERU FEST 2020 via online. Thanks to Maricielo, one of the designer team of the company Tunqui Creativo, we have published our event in the Facebook page of.You might take a look into the I am planning to present for my first introductory part of GNOME of the event. In case you have suggestions to improve, they are so welcomed! Sorry if the information is in Spanish, but we mostly talk in Spanish in Peru.We are getting ready to introduce GNOME to the world in this quarantine:P.S.: During this quarantine, please stay at home, stay safe, motivated and educated. With GNOME 3.36 out the door, it’s time to start thinking about what comes next.

Those of us who work on GNOME UX are really proud of the latest GNOME shell release. It includes some major updates, particular the new lock screen and updated visuals, as well as a host of smaller improvements. 3.36 feels really nice to use, and has got a great response. The new lock screen in GNOME 3.36The lock screen work that we landed in 3.36 was the outcome of a long-running programme of UX work, which we first put together at the GNOME UX hackfest in London, back in 2017. There are still some outstanding pieces of the login/unlock experience that need to be filled in, and this is something that we hope to work on over the coming development cycle.

However, we are also turning our attention to other aspects of the shell, which we have wanted to update for some time.In the rest of this post, I’ll describe some of the areas that we’re hoping to improve, before going on to talk about how we’re going to do it. Focus areasThe areas that we are looking at mainly relate to the overview, although in places they touch other areas of the experience. They are: Application launchingOne thing we’ve wanted to improve for some time is the reliance on the alphabetical grid of launchers. This alphabetical organisation is mostly useful for finding applications by name, rather than presenting the apps that are most important or most likely to be used. This is something that the grid of frequent apps attempts to compensate for, but the overall experience doesn’t fit together as well as we’d like. The application gridFor application launching, the main goal is to make the apps space more useful – it needs to be easier to find the app that you want to launch.

However, we also want to make it a more engaging and personal part of the experience, so the apps space feels like it belongs to you. Overview spatial organizationWe are all familiar with the organisation of the overview: window thumbnails in the middle, dash on the left, search up top, workspaces on the right. Functionally this works fairly well. However, the layout could be better in terms of how the pieces fit together. In particular, the arrangement of the different elements could do a better job of communicating how they relate to one another, especially in terms of navigation.

The Activities Overview Boot and empty statesBoot into GNOME 3 and you’re presented with an empty desktop. Open the Activities Overview, and you’re again presented with an empty space in the middle of the screen. This experience isn’t particularly helpful, and doesn’t draw or guide the user into the experience. Overview initial stateWe’ve been aware of these disadvantages of the current design for almost the entire history of GNOME 3, and we have experimented with a few different solutions, but never managed to get them to a usable state. Now, as we take another look at how the overview is arranged, we’d like to have another attempt at getting this right. Touchpad navigationRight now, the touchpad gestures to move between workspaces are fairly straightforward: 4 finger swipe up and down. However, we currently don’t have an easy gesture to go in and out of the overview and, once you’re in it, we don’t have an easy way to navigate between the different areas (app launching and search in particular).Being able to scoot around different areas of the desktop using a touchpad (or, indeed, a touchscreen) would be a big win and is something we are keen to allow.

In order to do this, we need a simple model that people can use to navigate around, rather than having to learn multiple sets of gestures. How we’re going to do itWork in this area is already ongoing, and we’ve put a lot of thought into how to organise it in order to achieve a good result.

Research & designSome of the functionality that is under review is a prominent part of GNOME 3, so it’s important that any changes we make are a genuine improvement. When it’s a core part of the desktop, even a small regression can be a significant issue for some users.User research is going to be a key part of this process, both in order to ensure that we have a good understanding of user needs and requirements, as well as to test the outcome of design and development work, and modify it as necessary.We have already done some initial, limited research, to find out how many windows, apps and workspaces are typically in use. The next research phase is currently being planned, and will involve a series of show and tell exercises, combined with semi-structured interviews, to get a better sense of how people use their desktops, and how the design can be improved for them.Looking further ahead, we’ll conduct testing on any changes that we make, in order to evaluate how successful they are and ensure that users experience them as a genuine improvement over what came before.At each stage, we hope to share the results of our findings. Testing and iterationWherever possible, we are planning on landing UI changes incrementally, with an emphasis on maintaining a releasable product. This will allow us to pace our work and do testing and refinement throughout the development cycle, rather than just at the end.When it isn’t possible to compartmentalise UI changes, we are planning on making development builds available early, in order to carry out testing and iteration over a longer period.

This is likely to be the case for the bulk of any changes, due to the interconnected nature of the overview. Watch this spaceDesign changes to GNOME Shell can generate both speculation and uncertainty. We’d like to mitigate this as much as we can, so that people understand what changes are coming, why they are being made, and why they can be confident that they are a real improvement.Currently, there are a variety of experimental designs. However, we haven’t settled on a single proposal and don’t want to create false expectations by presenting them at this early stage. Hopefully once we have done more rounds of research we will be in a position to do this, and give a better idea of what UI changes might be coming further down the line.

Until then, we ask you to be patient!We also hope that the research, testing and feedback opportunities that we are planning will provide reassurance that any changes we eventually make will be positive. We are committed to make changes based on these data gathering exercises, if it turns out that the designs don’t perform as well as we’d hoped.We will endeavour to provide progress reports on this work as it progreses, so watch this space for news! The idea behind HawkTracer is very trivial and well-known - the design is a simple server-client architecture, where the profiling application (usually running on an embedded device) runs as a server that emits tracing events.

The serialized events are transmitted to a client through an user-specific protocol (by default TCP/IP and File are supported, but that can be extended by user). The client then can convert received events to some human-readable format - again, only few of them are supported by default (ChromeTracing and FlameGraph) but user can extend the client by adding more conversion methods.The HawkTracer itself is a library that's just linked to your executable, so there's no need to run separate profiling process. In GNOME, the API documentation is written with. For each module, it generates HTML pages plus a.devhelp2 index file. Then the documentation can be easily browsed and searched in the application.While GTK-Doc alone and Devhelp alone work fine, things get more complicated with cross-references: when there are links to symbols that belong to other modules. GTK-Doc handles this with gtkdoc-fixxref, but it needs to be correctly configured in the build system of each module.Then things get more complicated when installing pre-built documentation, instead of requiring every developer to build the gtk-doc documentation of every module that he/she cares about. Linux distributions have packages to install such documentation, but the cross-references may be broken.With and, I think it would be feasible to:.

Build all the API documentation of GNOME and host the result on a server. Finally say goodbye to cross-reference link problems. Have a CLI tool to download the latest GNOME API docs and install them in the right place so that Devhelp picks them.

Bonus point if you can choose the version, stable vs development, etc. Publish also these docs on.I’ve just described the insert here missing GNOME project thing. It can be – and should be – done independently of both GTK-Doc and Devhelp. I cannot offer you mentoring help on this project, I’m already sufficiently busy with and; but GTK-Doc, Devhelp and BuildStream are normally well documented.If you’re bored, it’s a project that would be tremendously useful to all developers that use the “G platform”. Today's article looks at browser WebAssembly implementations from a compiler throughput point of view. As I wrote in my article on, web browsers have multiple wasm compilers: some that produce code fast, and some that produce fast code.

Implementors are willing to pay the cost of having multiple compilers in order to satisfy these conflicting needs. So how well do they do their jobs? Why bother?In this article, I'm going to take the simple path and just look at code generation throughput on a single chosen WebAssembly module. Think of it as X-ray diffraction to expose aspects of the inner structure of the WebAssembly implementations in SpiderMonkey (Firefox), V8 (Chrome), and JavaScriptCore (Safari).experimental setupAs a workload, I am going to use a version of the 'Zen Garden' demo.

This is a 40-megabyte game engine and rendering demo, originally released for, and compiled to WebAssembly a couple years later. Unfortunately the original was disabled at some point in late 2019, so it no longer has a home on the web. A bit of a weird situation and I am not clear on licensing either. In any case I have a version downloaded, and have hacked out a minimal set of 'imports' that the WebAssembly module needs from the host to allow the module to compile and link when run from a JavaScript shell, without requiring WebGL and similar facilities.

So the benchmark is just to instantiate a WebAssembly module from the 40-megabyte byte array and see how long it takes. It would be better if I had more test cases (and would be happy to add them to the comparison!) but this is a start.I start by benchmarking the various WebAssembly implementations, firstly in their standard configuration and then setting special run-time flags to measure the performance of the component compilers.

I run these tests on the core-rich machine that I use for browser development (2 CPUs for a total of 40 logical cores). The default-configuration numbers are therefore not indicative of performance on a low-end Android phone, but we can use them to extract aspects of the different implementations.Since I'm interested in compiler throughput, I'm not particularly concerned about how well a compiler will use all 40 cores. Therefore when testing the specific compilers I will set implementation-specific flags to disable parallelism in the compiler and GC: -single-threaded on V8, -no-threads on SpiderMonkey, and -useConcurrentGC=false -useConcurrentJIT=false on JSC. To further restrict any threads that the implementation might decide to spawn, I'll bind these to a single core on my machine using taskset -c 4. Otherwise the machine is in its normal configuration (nothing else significant running, all cores available for scheduling, turbo boost enabled).I'll express results in nanoseconds per WebAssembly code byte.

Of the 40 megabytes or so in the Zen Garden demo, only 23 891 164 bytes are actually function code; the rest is mostly static data (textures and so on). So I'll divide the total time by this code byte count.I tested V8 at git revision 206, SpiderMonkey at hg revision 8ec2329bef74, and JavaScriptCore at subversion revision 259633. The benchmarks can be run using just a shell; see. I timed how long it took to instantiate the Zen Garden demo, ensuring that a basic export was callable.

I collected results from 20 separate runs, sleeping a second between them. The bars in the charts below show the median times, with a histogram overlay of all results.results & analysisWe can see some interesting results in this graph.

Note that the Y axis is logarithmic. The 'concurrent tiering' results in the graph correspond to the default configurations (no special flags, no taskset, all cores available).The first interesting conclusions that pop out for me concern JavaScriptCore, which is the only implementation to have a baseline interpreter (run using -useWasmLLInt=true -useBBQJIT=false -useOMGJIT=false). JSC's WebAssembly interpreter is actually structured as a, which is then run by a built using the same infrastructure as JSC's JavaScript interpreter (the ). Recently, I have been working on running GNOME OS on the Pinebook Pro.GNOME OS is a bootable image used to test vanilla GNOME withoutdependencies on distributions. It is upgradable through OSTree and hasFlatpak to allow installation of applications. GNOME OS is built using. Basic dependencies areprovided by.The isa $200 arm 64 laptop from PINE64.The merge request I am working on is available at:U-Boot and the Linux kernel are not yet mainline.

The source of thelinux kernel we use for the moment is the branch for Manjaro’s buildmaintained. U-Boot isbuilt from a branch maintained by.Apart from that we mostly use all the components of a standard GNOMEOS image, including Wayland and EFI boot through systemd-boot.

How to test itFirst, note that this is a work in progress, so do not open issuesbefore the branch is merged. Instead, you may comment on the. Butdo not expect everything to work.(Edit: You can also join #gnome-os on GIMPNet)To download the image, find the latest,where the last bullet is green. On that bullet, selectpinebook-pro-image.

Then download the job artifact.In that job artifact, there will be a file named disk.qcow2. You canflash it to an sd card or an eMMC module using qemu-img dd if=disk.qcow2 of=/dev/device-to-which-to-write.If you do not get anything to boot, I recommend you use theto debug the issue.

Updating the keyboard and touchpad firmwareSome first batches of the Pinebook Pro require a firmwareupdate. Unfortunately, there is no automatic way to do it at themoment.If your keyboard is an ISO keyboard, do the following. It took me a while since and my and, I hope,. There were some reasons:. I was completely new to Flatpak,. the big amount of work to write the manifest of a non trivial application compiled completely from scratch,.

the complexity at that time of working with Java and Flatpak.Well, it has been time to resume the task. I’m not really an user (I’ve used it just a few times in all these years) but I feel committed helping it to be better known and used in the Linux Desktop. In the past I made a lot of work with technical translations and I fully understand the power of the tool for profesional users and it’s opensource: as far as I know OmegaT is the best CAT (Computer Assisted Translation) opensource tool in the world.So I’m here again and did some work for a final product. Today the work is a lot of easier because the existence of the (see ). Thanks for this extension! It’s so nice I’m finishing other two java programs to be published at Flathub:. For this release series I’m taking the easy way of packaging the binary portable bundle instead of compiling from sources because it’s tedious.

I am concerned it’s not the best practice. And this time I’ve started from a more recent version beta 5.2.0.I invite you to give it a try and provide some feedback if any. Some details:. install it:. $ wget (about 170Mb);. $ flatpak install -user org.omegat.App.flatpak. a for moving the XDG metadata resources;.

Games you may like Formula 1 Championship Edition The most realistic PlayStation sports racing game of the '96 season returns with spectacular new features. Formula One 99 Faithful recreation of all 16 of the 1999 Grand Prix circuits, including the latest addition to the calendar, the Sep. All 22 drivers and 16 tracks from the 1998 Formula One season are included in this racing game. It has an Arcade mode & a realistic Grand Prix mode, with car setups and trickier handling. Split-screen and four-player link options are offered. There is a new in-car view and more overall camera vi. Formula 1 '98 includes full multiplayer options on both PlayStation and there's never been a better chance to rev up and spin some rubber with the world's most glamorous motor sport! Review The fourth PlayStation title in Psygnosis' series of Formula 1 sims, Formula 1 98 continues the franchise, adds some new features, refines a few old ones, blows it on a few minor details,. Is still really hard to drive. Get Formula 1 98, Racing, Driving Simulator game for PS console from the official PlayStation® website. Know more about Formula 1 98 Game.

it will be using, the LTS OpenJDK extension at Flathub.Remember when you install a Flatpak package it is fully self-contained, you don’t need to install anything more (in this case the JRE is included in the bundle) and it’s isolated from the rest of the desktop so you’ll be able to keep an install indefinitely without worrying it will broke on any operating system update.Remember too you could install this bundle in any modern Linux desktop. And docbook-style-xsl. Docbook-style-xsl bug with GTK-Doc on FedoraOn Fedora, building GTK-Doc API documentation is buggy since several years, normally each module contains the following indexes:. For each version, the list of new symbols, for example “Index of new symbols in 3.36”. The “Index of deprecated symbols”.These indexes are very useful to keep up with new versions of libraries, in addition to reading the NEWS files. On Fedora, these indexes are not generated by default.It’s because of this bug:,.Simple fix on Fedora: downgrade to and add this line to your /etc/dnf/dnf.conf:excludepkgs=docbook-style-xslThen rebuild the GTK-Doc API documentation of the modules you care about, for example in JHBuild for GLib add this to your jhbuildrc:modulemesonargs'glib' = '-Dgtkdoc=true'Then run Devhelp in a jhbuild shell, you can add this alias to your bashrc:alias devhelp='jhbuild run devhelp'or (additional small tip):alias devhelp='jhbuild run devhelp -new-window'Enjoy!

Now you can finally keep up with what’s new in GLib, from the comfort of the Devhelp API browser application(Sorry for the not-very-interesting blog post, with a bit of hope the bug will be fixed upstream in docbook-style-xsl, or Fedora will follow the recommendation of the upstream developer to package the previous version instead). Intel's Dynamic Platform and Thermal Framework (DPTF) is a feature that's becoming increasingly common on highly portable Intel-based devices.

The adaptive policy it implements is based around the idea that thermal management of a system is becoming increasingly complicated - the appropriate set of cooling constraints to place on a system may differ based on a whole bunch of criteria (eg, if a tablet is being held vertically rather than lying on a table, it's probably going to be able to dissipate heat more effectively, so you should impose different constraints). One way of providing these criteria to the OS is to embed them in the system firmware, allowing an OS-level agent to read that and then incorporate OS-level knowledge into a final policy decision.Unfortunately, while Intel have released some amount of support for, they haven't included support for the adaptive policy.

And even more annoyingly, many modern laptops run in a heavily conservative thermal state if the OS doesn't support the adaptive policy, meaning that the CPU throttles down extremely quickly and the laptop runs excessively slowly.It's been a while since I really got stuck into a laptop reverse engineering project, and I don't have much else to do right now, so I've been working on this. It's been a combination of examining what source Intel have released, reverse engineering the Windows code and staring hard at hex dumps until they made some sort of sense. Here's where I am.There's two main components to the adaptive policy - the adaptive conditions table (APCT) and the adaptive actions table (APAT). The adaptive conditions table contains a set of condition sets, with up to 10 conditions in each condition set. A condition is something like 'is the battery above a certain charge', 'is this temperature sensor below a certain value', 'is the lid open or closed', 'is the machine upright or horizontal' and so on.

Each condition set is evaluated in turn - if all the conditions evaluate to true, the condition set's target is implemented. If not, we move onto the next condition set.

There will typically be a fallback condition set to catch the case where none of the other condition sets evaluate to true.The action table contains sets of actions associated with a specific target. Once we've picked a target by evaluating the conditions, we execute the actions that have a corresponding target. Actions are things like 'Set the CPU power limit to this value' or 'Load a passive policy table'. Passive policy tables are simply tables associating sensors with devices and an associated temperature limit. If the limit is exceeded, the associated device should be asked to reduce its heat output until the situation is resolved.There's a couple of twists.

The first is the OEM conditions. These are conditions that refer to values that are exposed by the firmware and are otherwise entirely opaque - the firmware knows what these mean, but we don't, so conditions that rely on these values are magical. They could be temperature, they could be power consumption, they could be SKU variations. We just don't know. The other is that older versions of the APCT table didn't include a reference to a device - ie, if you specified a condition based on a temperature, you had no way to express which temperature sensor to use. So, instead, you specified a condition that's greater than 0x10000, which tells the agent to look at the APPC table to extract the device and the appropriate actual condition.Intel already have a Linux app called that implements a subset of this - you're supposed to run the binary-only against your firmware to parse a few bits of the DPTF tables, and it writes out an XML file that Thermal Daemon makes use of.

Unfortunately it doesn't handle most of the more interesting bits of the adaptive performance policy, so I've spent the past couple of days extending it to do so and to remove the proprietary dependency.My current work is - it requires a couple of kernel patches (that are in the patches directory), and it only supports a very small subset of the possible conditions. It's also entirely possible that it'll do something inappropriate and cause your computer to melt - none of this is publicly documented, I don't have access to the spec and you're relying on my best guesses in a lot of places. But it seems to behave roughly as expected on the one test machine I have here, so time to get some wider testing?comments. Recently, I’ve been working on a few widgets for libhandy to provide applications more flexibility with how to handle their titlebars.But doesn’t GTK already allow this? Let’s take a look.First, GTK has a widget called GtkHeaderBar.

It looks like a titlebar, has a close button, a title, a subtitle and allows to add widgets at the left or right sides, or to replace title and subtitle with a custom widget.Second, there’s gtkwindowsettitlebar function that allows to set a widget as a custom titlebar. GTK will place that widget above the main window area, and then it can be dragged to move the window, and will handle right click menu, double click and middle click. Additionally, GTK will draw client-side window border and/or shadows and provide an area to resize the window with. Naturally, GtkHeaderBar is a perfect fit for it, although nothing is preventing other widgets from being titlebars.If nothing is set, GtkWindow will use a GtkHeaderBar with a special style class (.default-decoration) as a titlebar on Wayland, or legacy decorations on X11.This approach works well if an application just wants to have a titlebar with some widgets in it.

However, in many cases it’s more complex. Let’s take a look at some cases that are difficult or impossible to implement right now. Split headerbars Settings 3.36, using a split headerbarA very common case is for dual-pane applications to have a separate titlebar for each pane, also known as split headerbars. To do this, you have to create a horizontal box with the panes divided by a separator, and put it into the window.

Then you create another box containing two headerbars and another separator, and set that box as a titlebar. Then you need to ensure the width of the headerbars matches the content panes, either by hardcoding it or using a horizontal GtkSizeGroup. And then there’s the whole problem of ensuring the window controls show up on the correct headerbars.Fast forward to 2020, now we have libhandy and HdyLeaflet.

Now instead of two boxes you use two leaflets, and now it’s necessary to use a GtkSizeGroup for each pane, to ensure the folding animation doesn’t go out of sync. For window controls libhandy provides HdyHeaderGroup, so at least that’s simple. Also, you wrap the titlebar leaflet into a HdyTitleBar.And then leaflet gained support for. Since we have two leaflets, their swipe progress has to be synchronized via a HdySwipeGroup, so that brings the number of the helper “group” objects to four.

Stack navigation Software 3.36 showing Software 3.36Somewhat related, many applications have multiple views, with a separate GtkHeaderBar for each view. This includes the split headerbar case on mobile, where the two leaflets shows only one view at a time.It’s implemented via GtkStack. One stack in the window has the views, and another stack in titlebar has headerbars, then you always change their visible child at the same time. Libhandy 1.0 will have HdyDeck allowing back/forward swipes the same way HdyLeaflet does, and so the two decks must be synchronized via a HdySwipeGroup too.Stack navigation and split headerbars can be combined, with some views having split headerbars, and others having just one headerbar. Either way, you have to duplicate the whole hierarchy between the window and titlebar and keep it in sync, however complex it might be.In both cases you might want to animate the transition. With swipes it’s pretty much necessary. And doing that the window corners during the transition.libhandy has a workaround for that called HdyTitleBar.

It’s a simple GtkBin subclass that looks like a headerbar. Combined with the fact Adwaita CSS specifies transparent background for any nested headerbars, it means you can put a stack/box/leaflet/deck/anything with headerbars into a HdyTitleBar and animate them without moving the background, working around the corners issue. It’s not perfect, as tall content (such as a separator) would still overlap the corners, but it works in most cases. Autohiding headerbarSome applications want to hide headerbar to focus on the content. The easiest way to do it is to fade out the headerbar and just have a blank space there.

UberWriter 2.1.5Since the titlebar is a separate area from the window, there’s no content behind it, so fading it out leaves an unsightly blank area.There are ways to mitigate that. For example, one could hide the titlebar widget completely. That’s what UberWriter, now Apostrophe, does in the latest development version: Apostrophe, development versionIt works, but the code is not pretty. It uses two headerbars: one in the titlebar area, another one in the window area in a GtkOverlay.

To hide the titlebar, it immediately hides the headerbar in the titlebar area, then shows the headerbar inside the window and fades it out. Then it adds some CSS to add round corners on the window instead of headerbar, and makes sure nothing overlaps them. Oh, and it also shifts the scroll position so that the text doesn’t jump.Another way is to use a revealer with a slide transition inside the headerbar area.

Then it’s possible to shift scroll position on each frame of the transition, although it leads to a visual glitch with window corners. A I made half a year agoSo there is no way right now to do it cleanly and without glitches, although you can get pretty close. Fullscreen Web 3.36, in fullscreenI said above that Apostrophe uses two headerbars. Well, I lied!

It uses three, the third one for fullscreen mode.Like the titlebars drawn by X11 window managers, GtkWindow‘s titlebar area is hidden in fullscreen. At the same time, our HIG to still have a headerbar in fullscreen, but to autohide it. The easiest way for apps to implement this is to have another headerbar inside a GtkRevealer in GtkOverlay in the window content area, that’s normally hidden and only shows up in fullscreen mode. Then it can be shown and hidden by application whenever wanted.However, this means you have to have two (or more!) headerbars, or to reparent it from titlebar to the revealer when entering fullscreen and then back to titlebar when exiting it, like DzlApplicationWIndow from does. Showing content behind the headerbar A camera app mockup, by Tobias BernardWhat, you were expecting a screenshot? Since the titlebar area is completely separate from the window, it’s impossible to show content behind it.Similarly, things such as showing scrolling content behind titlebar, like macOS and Windows do, are impossible.

Window/titlebar splitAll of these problems are caused by the fact titlebar is separate from the window. If that wasn’t the case, it would all be a lot simpler:. For split headerbars and stack navigation you would be able to use a single box/stack/leaflet/deck spanning the whole window, no need to duplicate the hierarchy in the titlebar. Autohiding would be a matter of using GtkRevealer and/or GtkOverlay, just like in fullscreen.

The headerbar wouldn’t be hidden in fullscreen, so it would be possible to reuse the widget without reparenting or duplicating it. Similarly, showing content behind the headerbar would be perfectly possible with just GtkOverlay.So, how do we eliminate the split? Obviously, it’s not an option for GTK3.

There’s GTK4, but it would be nice to have something working in the meantime. This means libhandy. HdyWindowHandle HdyWindowHandle exampleThe first thing we need to have headerbar inside the window hierarchy is to make it act like a titlebar.

GtkHeaderBar isn’t enough: while it has the overall layout and window controls, it doesn’t handle dragging, or right-click menu, or double click, or middle click. All of this is provided automatically for the titlebar widget, whatever that widget is, and that’s it.To solve that, libhandy now has a HdyWindowHandle widget. It’s a GtkBin subclass that acts as a “titlebar area”. Dragging it will move the window, right clicking will produce a menu etc.So, when a headerbar is used inside a window, it can be wrapped into a HdyWindowHandle and it will just work. It can also be used to easily make the whole window draggable. Or a random part of it for whatever reason.

HdyHeaderBarHowever, the HdyWindowHandle has a downside of being easy to forget when creating a headerbar. If it’s not used, the window looks exactly the same, but the headerbar can’t be dragged. It’s especially easy to miss if you’re testing your app on a phone, where the window can’t be moved, or usually move windows while holding the Super key.And it just so happened that (for unrelated reasons), libhandy has had a fork of GtkHeaderBar called HdyHeaderBar. It now features the same draggability and right/double/middle click handling as HdyWindowHandle, so can be used as is. HdyWindowOne thing about the headerbars being in a separate area from the window content is that they can easily have round corners. While the window background can have round corners via CSS (and in fact that’s what elementary OS has been doing with the.rounded style class), nothing prevents the window content from overlapping them. This is true for the titlebar as well (see HdyTitleBar), but there’s a lot less chance of that happening.However, if we want to display content behind the headerbar, or to autohide the headerbar, it’s pretty much guaranteed to happen.One way to prevent that is to mask the corners.

This guarantees nothing can ever overlap them. And that’s exactly what HdyWindow and HdyApplicationWindow are doing.Coincidentally, GTK has no public API to inspect border-radius CSS property for each corner separately, so these windows also have round bottom corners.They also draw a sheen on top of the window, which is normally on the headerbar. It looks the same way if a headerbar is used on top of the window, but still looks good if it’s hidden.LimitationsHowever, the corners come at a cost: they cause an overhead when OpenGL is used.

Normally GTK has a fast path for when nothing is overlapping OpenGL drawing (such as inside a GtkGLArea). However, masking corners requires a redirection, so the gains from that are negated.On my machine the only place I was able to notice it is in GNOME Games running particularly “heavy” games.At the same time I wasn’t able to notice any differences with Web or Boxes when using HdyApplicationWindow.Additionally, in maximized, tiled or fullscreen mode, or simply with border-radius: 0; there’s no need to mask anything, so there should be no difference compared to regular GtkWindow. FutureThese widgets have already landed in libhandy master, and can be seen in action in nightly builds of GNOME Games. However, there are some pieces of the puzzle missing right now.While the same headerbar can be used in windowed and fullscreen modes, there’s no widget to show it next to the content in windowed mode like in a GtkBox, and on top of the content in fullscreen mode like in a GtkOverlay. Right now I have such a widget implemented in Games, but it will need to be in libhandy so that each application doesn’t have to reimplement it.Currently HdyHeaderGroup only supports GtkHeaderBar, but not HdyHeaderBar, so for split headerbars you still have to use GtkHeaderBar and HdyWindowHandle.Additionally, the headerbar in the window won’t automatically have.titlebar style class, so won’t pick up styles such as the.devel cog and gradient, so either everybody must manually add it, or HdyHeaderBar could have it by default.And most importantly, it needs to be implemented for. Let's assume that there is a discussion going on on the Internet about programming languages.

One of the design points that come up is a garbage collector. One participant mentions the advantages of garbage collection with something like this:Garbage collectors are nice and save a lot of work. If your application does not have strict latency requirements, not having to care about memory management is liberating and can improve developer efficiency by a lot.This is a fairly neutral statement that most people would agree with, even if they work on code that has strict real time requirements. Yet, inevitably, someone will present this counterpoint.No! If you have dangling references memory is never freed and you have to fix that by doing manual memory management anyway. Garbage collectors do not magically fix all bugs.If you read through the sentences carefully you'll notice that every asserted statement in it is true. That is what makes it so frustrating to argue against.

Most people with engineering backgrounds are quite willing to admit they are wrong when presented with evidence that their statements are not correct. This does not cover everyone, of course, as some people are quite willing to violently disagree with any and all facts that are in conflict with their pre-held beliefs. A statement like this: Using HTTPS on all web traffic is good for security and anonymity. might be countered with something like this:That provides no real security, if the NSA want your data they will break into your apartment and get it.This statement is again absolutely true.

On the other hand if you are not the leader of a nation state or do regular business with international drug cartels, you are unlikely to be the target of a directed NSA offensive.If you think that this is a stupid point that nobody would ever make, I agree with you completely. I have also seen it used in the real world. I wish I hadn't.Bugs are caused by incompetents. High level programming languages are nice. Programming languages that guard against buffer overruns is great for security and ease of development.But not for everyone.You can achieve the exact same thing in C, you just have to be careful.This is again true. If every single developer on a code base is being 100% focused and 100% careful 100% of the time, then bug free code is possible. Reality has shown time and time again that it is not possible, human beings are simply not capable of operating flawlessly for extended perio.