The IVI in the car, like many things these days, is just a computer. My goal was to hack the IVI to get root access and hopefully be able to run my own software on it. Of course, the first step in hacking a device like this is research. This is a story full of twits and turns, and some rally questionable decisions by Hyundai’s developers.
General Development Archive
Carbon, the latest programming language to be built within Google, was unveiled today as an experimental successor to C++. To that end, while Carbon has many of the same goals as Rust, such as helping developers to create “performance-critical software,” Carbon is also intended to be fully interoperable with existing C++ code. Additionally, the goal is to make migrating from C++ to Carbon as easy as possible, if desired. This is not my area of expertise, so I’ll leave it to you readers to say more interesting things. The code for Carbon – not entirely sure about the name, but alright – is on github, along with more information.
When we last heard from Perl, Perl 6 was going off on its own becoming Raku, Perl 5 was going to continue until version 5.36 which would serve as the basis for Perl NG, and Perl NG would be known as Perl 7 because Raku burned the Perl 6 namespace. No one saw the humor in “not that Perl 6, the other Perl 6”. Anyway, the Perl Steering Committee (PSC) decided to write a blog post about the future of Perl and Perl 7. The first PSC was elected in late 2020, and one of our first tasks was to create a plan for the future of Perl, and to put that in motion. A lot of discussion and iteration followed, but the strategy we agreed is: 1. Existing sensibly-written Perl 5 code should continue to run under future releases of Perl. Sometimes this won’t be possible, for example if a security bug requires a change that breaks backward compatibility. 2. We want to drive the language forwards, increasing the rate at which new features are introduced. This resulted in the introduction of the RFC process, which anyone can use to propose language changes. 3. We want to make it easy for people to use these new features, and want to do what we can to encourage their adoption. At some point in the future, the PSC may decide that the set of features, taken together, represent a big enough step forward to justify a new baseline for Perl. If that happens, then the version will be bumped to 7.0. So basically, nothing is going to change. Perl 5 will continue on into infinity adding features as it has been doing.
App Store Optimization is, for most people, synonymous with Apple’s App Store and Google’s Play Store. After all, they contribute to 90% of the total available apps in the market. But they’re not the only ones out there. These alternative app stores seem to lurk in the shadows but each of them has its slew of users. With the looming DMA and Open Markets Acts that aim to open the app markets to third-party stores, their time to shine may be just around the corner. Are they worth looking into? We’re investigating the topic. I’m actually quite surprised by these numbers. Of course, China has a whole slew of China-only application stores that are incredibly popular, but even outside of China, there’s quite a few application stores that seem to have found their niche, and doing well. If you’re a developer of certain applications, it might be worth it to check some of these more specialised application stores. And with the EU on the brink of cracking Apple’s stranglehold on iOS applications, we’re going to see an explosion of tailored application stores,
Ntfs2btrfs is a tool which does in-place conversion of Microsoft’s NTFS filesystem to the open-source filesystem Btrfs, much as btrfs-convert does for ext2. The original image is saved as a reflink copy at image/ntfs.img, and if you want to keep the conversion you can delete this to free up space. Neat tool, but probably with a rather limited application.
Writing this article wasn’t easy. At first glance, it’s all about a fairly unentertaining subject (building a calculator, the kind of exercise that every IT student tried at some point of its education), and to make the matter worse, it’s pedantically advertised. But in the end, I believe that this article really brings out valuable features, highlights enjoyable development stories, and offers an interesting experience, so bear with me! I built a desktop calculator called Chalk, which is free and supports macOS 10.9+. Because I had to make unconventional choices and introduce ideas that I never saw anywhere else before, my first task is to convince you that Chalk is more interesting than it looks. Alright, let’s see what the not-at-all critical and discerning OSNews readership thinks of this one.
This blog series creates a small operating system in the Rust programming language. Each post is a small tutorial and includes all needed code, so you can follow along if you like. The source code is also available in the corresponding Github repository. A great way to learn Rust.
Along with the broader industry trend of transitioning security-sensitive code to memory-safe languages like Rust, there has been an effort to write a Rust-based replacement to GNU Coreutils. For nearly a year that Rust Coreutils has been able to run a basic Debian system while more recently they have been increasing their level of GNU Coreutils compatibility and in some cases now even outperforming the upstream project. For someone like me, who isn’t a programmer, it’s difficult to really say anything meaningful when it comes to the pros and cons of individual programming languages, but on the face of it, with my limited understanding, modern languages like Rust do seem like a safer, more modern, more robust choice.
Modern languages such as Go, Julia and Rust don’t need complex garbage collectors like the ones use by Java C#. But why? To explain why, we need to get into how garbage collectors work and how different languages allocate memory in different ways. However, we will start by looking at why Java in particular needs such a complex garbage collector. Good info on how Go deals with memory versus how Java, mainly, handles memory. The most interesting start of a rabbit hole is the mention of research work around memory allocators.
Well, I do all of my projects in Rust now. Even little scripts I’d usually write in Python I often find myself grabbing Rust for. I’m comfortable with using Rust for pretty much any project at this point, that I decided that for a long-ish term stream project (ultimately a snapshot fuzzer for NT), I would want to do this in Rust. The very first thought that comes to mind is to just build a MIPS executable from Rust, and just… run it. Well, that would be great, but unfortunately there were a few hiccups. Imagine that – running Rust code on Windows NT 4.0 on MIPS led to some hiccups.
Here, I will try to present another huge benefit of using Flutter desktop: the ability to build an app with a user interface that matches the underlying platform’s design standards. As you can see, Shortcut Keeper is built to be an adaptive app for desktops, boasting a different UI design for macOS and Windows, while using a single codebase. This has always been the holy grail of cross-platform development, and the screenshots here are relatively convincing.
Today, we are launching a technical preview of GitHub Copilot, a new AI pair programmer that helps you write better code. GitHub Copilot draws context from the code you’re working on, suggesting whole lines or entire functions. It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet. As you type, it adapts to the way you write code—to help you complete your work faster. Sounds like a cool and useful feature, but this does raise some interesting questions about the code it generates. Sure, generated code might be entirely new, but what about possible cases where the code it “generates” is just taken from the existing projects the AI was trained on? The AI was trained on open source code available on GitHub, including a lot of code licensed under, for instance, the GPL. GitHub says in the Copilot FAQ: GitHub Copilot is a code synthesizer, not a search engine: the vast majority of the code that it suggests is uniquely generated and has never been seen before. We found that about 0.1% of the time, the suggestion may contain some snippets that are verbatim from the training set. Here is an in-depth study on the model’s behavior. Many of these cases happen when you don’t provide sufficient context (in particular, when editing an empty file), or when there is a common, perhaps even universal, solution to the problem. We are building an origin tracker to help detect the rare instances of code that is repeated from the training set, to help you make good real-time decisions about GitHub Copilot’s suggestions. That 0.1% may not sound like a lot, but that’s misleading – another way to put it is that out of every 1000 suggestions Copilot makes, 1 is copy/pasted code someone has written and selected a license for, and that license must, of course, be respected. On top of that, it’s hard to argue that code generated from a set of existing open source code doesn’t constitute a derivative work, and is thus covered by the copyright open source licenses are based on. I am not a lawyer, so I’m not going to argue Copilot is definitively a massive GPL violation, but as a layman, on the face of it, it definitely feels like a tool that’s going to strip a lot of code from their licenses – without consent and permission of the code’s authors.
Getting started with developing applications for a mobile platform can be a challenging task, especially when it comes to building and testing the application on the mobile device itself. The Librem 5 makes its application development workflow extremely simple. Among other things, you can develop applications on-device, which is something sorely missing from other platforms.
Rust developers have repeatedly raised concerned about an unaddressed privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++. StackOverflow’s 2020 developer survey ranked Rust first among the “most loved programming languages.” However, for the longest time developers have been bothered by their production builds leaking potentially sensitive debug information. I’ll leave this one for you folks to figure out, but from a layman’s perspective, it looks like a really dumb thing to keep paths from the developer’s machine like this in compiled binaries? At least after countless years, the Rust developers seem committed to fixing it, finally.
Well, I’ll not tell a long story, how I debug, but come directly to the bug mentioned in the title. I tracked his existence down to BASIC 2.0 as used in the VIC-20, C64 and the early PET/CBM series and it seems, that it was never detected, documented or fixed. It is related to temporary strings, the stack of descriptors for temporary strings, that has a size of 3, and the so called “garbage collection”, which in reality doesn’t collect garbage, but does a defragmentation of string storage. Fixing an ancient bug like this must be a weirdly satisfying experience.
The great unicorn of software development is to have one language and framework that enables devs to code an app once and run it on any operating system and any type of device. Flutter has been aiming to do this since its inception, and today it gets quite a bit closer to that goal with the announcement of Flutter 2. The latest major update brings major enhancements for mobile platforms, adds support to desktop, and massively extends its capabilities on the web — among other things. Does anyone here have experience with Flutter? It seems like it’s gaining some steam judging by the increase in news stories about it recently.
This is the heart of the conflict: Rust (and many other modern, safe languages) use LLVM for its relative simplicity, but LLVM does not support either native or cross-compilation to many less popular (read: niche) architectures. Package managers are increasingly finding that one of their oldest assumptions can be easily violated, and they’re not happy about that. But here’s the problem: it’s a bad assumption. The fact that it’s the default represents an unmitigated security, reliability, and reproducibility disaster. I’m sure this will go down well.
Go 1.16 has been released. The new embed package provides access to files embedded at compile time using the new //go:embed directive. Now it is easy to bundle supporting data files into your Go programs, making developing with Go even smoother. You can get started using the embed package documentation. Carl Johnson has also written a nice tutorial, “How to use Go embed”. Go 1.16 also adds macOS ARM64 support (also known as Apple silicon). Since Apple’s announcement of their new arm64 architecture, we have been working closely with them to ensure Go is fully supported; see our blog post “Go on ARM and Beyond” for more. More details can be found in the release notes.
After two tweets that I made last week, playing around with UEFI and Rust, some people asked to publish a blog post explaining how to create a UEFI application fully written in Rust and demonstrate all the testing environment. So todays objective it’s to create a UEFI application in Rust that prints out the memory map filtered by usable memory (described as conventional memory by the UEFI specification). But before putting the hands at work let’s review some concepts first. uefi-rs is a Rust wrapper for UEFI.
Petit FatFs is a sub-set of FatFs module for tiny 8-bit microcontrollers. It is written in compliance with ANSI C and completely separated from the disk I/O layer. It can be incorporated into the tiny microcontrollers with limited memory even if the RAM size is less than sector size. Also full featured FAT file system module is available here. Fascinating little project.