nheko
nixpkgs
Our great sponsors
nheko | nixpkgs | |
---|---|---|
18 | 969 | |
1,757 | 15,581 | |
2.4% | 4.9% | |
9.7 | 10.0 | |
8 days ago | about 3 hours ago | |
C++ | Nix | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nheko
- Shutting down the letsblock.it project and its official instance
-
PSA: security vulnerability in qBitorrent 4.5.x webUI
Look at this, notice anything different? https://github.com/Nheko-Reborn/nheko/issues/new/choose
-
This Year in Matrix
Nheko has been around for a number of years. Never used it myself though.
-
Matrix was worth the effort to self host.
Matrix clients hit different than pretty much any other chat client I've use before. Theres multiple clients I've found like nheko, moments, element that are a pleasure to look at and smooth as hell. Even better you can have users use web services like Element Web to sign-up and chat. Its sick.
-
What flatpaks are "official" (i.e., directly from the application's developer)?
The Nheko flatpak is official. Just compare the source to the nightlies we build and upload to our nightly repo.
-
GTK4 Matrix Client
Like almost every client out there it has no support for e2ee. I was happy to find https://nheko-reborn.github.io (I'm a KDE user so Qt apps are preferred).
- Mozilla Thunderbird Beta now supports Matrix chat
-
weed rule
There's also FluffyChat or Nheko if Element is too heavy.
-
Using Files with Browsers, in Reality
I probably wouldn't have guessed that `e.dataTransfer.items` gets cleared at the first await (since I'm not a proficient web developer), but I would've been extremely wary of this code in general. Additionally (not tied to async-await but race conditions in general), is `item.getAsFileSystemHandle()` a TOCTTOU vulnerability where the type of an item can change between folders and files and symlinks etc., while this code is running?
Rust's & vs. &mut system largely eliminates shared state hazards in both threading and asynchronity (&mut is exclusive/unaliased and can't be mutated by other threads or event loop jobs, and & is difficult and unidiomatic to mutate), though it doesn't solve async cancellation errors (https://carllerche.com/2021/06/17/six-ways-to-make-async-rus..., discussed at https://news.ycombinator.com/item?id=27542504), or filesystem TOCTTOU (https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html as well as user code).
Qt event loop reentrancy is fun(tm) as well. It looks like a blocking call, but spawns a nested event loop which can do anything (but rarely enough to lull you into a false sense of complacency), resulting in segfaults like https://github.com/Nheko-Reborn/nheko/issues/656 (workaround at https://github.com/Nheko-Reborn/nheko/commit/570d00b000bd558..., I didn't look into it). And Qt lacks "easy" await syntax and a framework based on calling red functions (though I didn't look into C++20 coroutines yet, perhaps https://www.qt.io/blog/asynchronous-apis-in-qt-6 or https://github.com/mhogomchungu/tasks or https://blog.blackquill.cc/asynchronous-qtquick-uis-and-thei...?).
- Introducing Native Matrix VoIP with Element Call!
nixpkgs
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
-
GitHub Disabled the Xz Repo
True, but irrelevant -- _some packages_, _somewhere_, do depend on xz, which, if built, requires pulling the source from GitHub (see the default.nix: https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/tools...)
It's not the vulnerability that's a problem right now (NixOS was protected by a couple of factors) but rather GitHub's hamfisted response.
That is the problem.
-
Combining Nix with Terraform for better DevOps
We’ve noticed that some users have been asking about how to use older versions of Terraform in their Nix setups [1, 2]. This is an example of the diverse needs of people and the importance of maintaining backward compatibility. We hope that nixpkgs-terraform will be a useful tool for these users.
-
Nix is a better Docker image builder than Docker's image builder
I think whateveracct was referring to is this link:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/developmen...
What that file is doing, is building a package, and it essentially is a combination of what Makefile and what RPM spec file does.
I don't know if you're familiar with those tools, but if you aren't it takes some time to know them enough to understand what is happening. So why would be different here?
-
Use Ansible to create and start LXD virtual machines
#!/usr/bin/env nix-shell #! nix-shell -i bash #! nix-shell -p sops #! nix-shell -I https://github.com/NixOS/nixpkgs/archive/refs/tags/23.05.tar.gz source config.sh "$@"
-
What AI assistants are already bundled for Linux?
NixOS just got tabbyml[1] which is built on llama-cpp. Working on systemsd services the weekend and updating latest tabbyml release which supports rocm in addition to cuda
What are some alternatives?
gomuks - A terminal based Matrix client written in Go.
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
axolotl - A Signal compatible cross plattform client written in Go, Rust and Vuejs
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
Signal-Android - Patches to Signal for Android removing dependencies on closed-source Google Mobile Services and Firebase libraries. In branches whose names include "-FOSS". Uses new "foss" or "gms" flavor dimension: build with "./gradlew assemblePlayFossProdRelease".
git-lfs - Git extension for versioning large files
weechat-matrix - Weechat Matrix protocol script written in python
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
telegram-bot-api - Telegram Bot API server
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
org.signal.Signal
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.