xz
freedesktop-sdk
| xz | freedesktop-sdk | |
|---|---|---|
| 24 | 53 | |
| 160 | - | |
| - | - | |
| 9.7 | - | |
| about 2 months ago | - | |
| C | ||
| GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
-
XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
-
The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The state reson is questionable to begin but not including the seed used when the the purpoted reason was to be able to re-create the files in the future is highly suspicous. This should have raised red flags bug no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
-
Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
-
GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see : https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
- The Return of the Frame Pointers
freedesktop-sdk
-
The Return of the Frame Pointers
I think I might have confused two unrelated posts. The one that references Polar Signals is this one:
https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/issues/...
So not a perf issue there, but they don't think the workflow is suitable for whole-system profiling. Perf issues were in the context of `perf` using DWARF:
https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/issues/...
- Finally mesa version 23.1.1 for fedora 38 has been published for testing 11 hours ago. It comes with quite important features like vulkan gpl for RADV to fight stutters in games and for better performance.
-
Yocto
But the fd-sdk https://gitlab.com/freedesktop-sdk/freedesktop-sdk and gnome build meta https://gitlab.gnome.org/GNOME/gnome-build-meta projects can prove as good references.
-
Rant: Desktop Sandboxing
With all of these hypothetical features out of the way and looking just at current release software, Flatpak allows you to do so much stuff that isn't accessible for a not-so-techy user. Custom installation folder? Yep. Running mesa-git GPU drivers? You got it. Any way to easily do this via GUI? In typical Linux fashion, nope. For a GUI focused packaging format this is a big letdown.
- Issue found for: Steam Deck Issue With Flatpak Hardware Decoding
- Steam Flatpak. Tried RADV_PERFTEST=gpl with proton-ge-54 but doesnt seem to be working when compared to using it with Bottles. Please see if I did it right.
-
Is there any way to force a specific Mesa driver for applications when multiple Mesa driver versions have been installed?
Link to (official?) how-to: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/wikis/Mesa-git
-
Fedora Workstation 38 Is Shaping Up To Be Another Fantastic Release
You can load up Mesa GIT using environment variables, see here. Honestly what I miss the most from flatpak Steam is properly working non-Steam shortcuts, but I've given up on that.
- Are all AMD GPUs equally well supported?
-
PSA: The new OBS update breaks VA-API encoding when used with the Flatpak
It was my understanding that the packages for vaapi are just put into the -extra version of the sdk so app maintainers can opt out, but they are still available if they want to use them. See https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/10616
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
flatpak - Linux application sandboxing and distribution framework
libarchive - Multi-format archive and compression library
Flatseal - Manage Flatpak permissions
stencil-golang - Template repository for Golang applications
argos-translate - Open-source offline translation library written in Python
tukaani-project
xdg-desktop-portal-gtk - Gtk implementation of xdg-desktop-portal
Folly - An open-source C++ library developed and used at Facebook.
us.zoom.Zoom
systemd - The systemd System and Service Manager
oneTBB - oneAPI Threading Building Blocks (oneTBB)