X11 Compose Extension

Dear Lazyweb,

I'm having a problem where sometimes my OverrideRedirect window is not visible on the screen after XMapRaised, even though XQueryTree reports that it is on top.

The compositor may be implicated, as apparently it involves a magic window that is on top of all others that is intentionally omitted from the XQueryTree list, because the world is insane.

I have read the documentation, such as it is, and tried a few things, but there seem to be several mutually exclusive paths through the compositor, not all of which involve that magic window, so my question is:

Given the set of window managers that I am likely to encounter in the real world, what is my best bet for making my OverrideRedirect window actually appear on top of all other visible windows? (Which is literally the one and only thing that "OverrideRedirect" was supposed to mean.)

(I assume that any answer involving _NET_WM properties or ClientMessages is incorrect, as those only apply to non-OverrideRedirect windows that are managed by the window manager.)

Relatedly: which window manager in reasonably common use does the most pessimally fucked up compositor-related things, that I should test against?

Update: Interestingly, and in case this should ring any bells, when I am in this state where XMapRaised on my window does not cause it to become visible on the screen (despite XQueryTree saying that it is on top) destroying and re-creating the window does work.


Tags: , , , ,

Rules are rules

Even made-up fake ones without the force of law that effectively give unelected functionaries control of the legislative branch of government. Sometimes there's just nothing you can do, even when there are whole entire handfuls of things you can do.

The $15 minimum wage may yet pass as part of the pandemic relief bill; who knows. The Democrats in the House, admirably, intend to go right ahead and pass the relief bill with the minimum-wage increase included in it, in effect daring anybody in the Senate to be the one who'll sign their name to having stripped it out. But this, exactly this kind of dithering and capitulating, is why the Democratic party is always so much less popular than incredibly well-liked ideas -- Medicare For All, gun control, COVID-19 relief checks, minimum-wage increase, a federal government that does more to help people directly, etc. -- whose only support in government comes from its own members. Given the rare opportunity to flex some power, and a clear and obvious moral mandate to do so, they're throwing their hands up at non-binding parliamentary procedures and well actually-ing their own supporters over what exactly the phrase "$2,000 checks" means.

Bigots and billionaires and culture warriors can at least count on the Republican party to gleefully immiserate the classes of vulnerable people they despise, whenever it's entrusted with the power to do so. The only thing you can count on the Democratic party to do is to develop a sudden paralyzing case of situational Budget Concern or Norms Respect, whenever it can cripple or stall or dilute the fulfillment of a pledge to make common people's lives better, to materially address any of the myriad ways American society has been warped into incoherent brutality by capitalism and white supremacy.

Previously, previously, previously.

Tags: , ,

The future is....

HunterFelt: "Meanwhile on the shelves of Philip K Dick's Sporting Goods."

the Future Is Reduced For Quick Sale $2

Previously, previously, previously.

Tags: , , ,

Guide to combat against robot war dogs

whitney_hu: "Massive food lines in The Bronx but $75K for NYPD to have robo dogs."

Len Kusov:

PSA: if you or someone nearby are being brutalized by a police Spot robot and can get a hand or something underneath, grab this handle and yank it forward. This releases the battery, instantly disabling the robot.

Keep your hands away from joints, Spot WILL crush your fingers.

If you are a bystander and can get BEHIND spot, don't hit the power button, hit the OTHER button - it physically disconnects the motors.

Spot can also be countered with booby traps easily.

If you're armed, shoot center-of-mass as normal. The lithium pack is huge and not armored

Spot is also purely optical, meaning paint, dust, a sheet or blanket, sticky tape, etc can severely impair it.

Original stereo cameras on the face. 360 camera, pan/tilt/zoom cam, and LIDAR rangefinders on accessory rails.

If you're feeling creative, and can prepare beforehand, Spot is literally just controlled with an Android tablet. In manual (as in, non-autonomous) mode, Spot is literally just communicating over Wifi.

A WiFi jammer based on an ESP2866 is $40 on Amazon, just sayin.

Ostensibly, Spot was never meant to see combat - at least the current iteration of it.

There are, of course, military versions in the works that probably get rid of most of these vulnerabilities but police departments are buying the civilian ones just cause they can.

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , , ,

"Thank you management"

There is no safe way to have indoor dining without massive vaccine deployment, no matter how much you want someone pandering to you.

There is no safe way to have in-person classrooms without massive vaccine deployment, no matter how much you want a babysitter.

This is not rocket surgery.

Previously, previously, previously, previously, previously.

Tags: ,

Howl's Moving Victorian Time-Lapse

Karl Mondon:

If like me you're wondering, "But why tho?", you might dig up this article: mostly a history of other times that people have moved houses, and including only this by way of explanation:

The move of 807 Franklin St. is being done by a private owner looking to restore two empty Victorian-era buildings while making way for a new eight-story, 48-unit rental property.

...leaving me still wondering, "But why tho?"

Previously, previously, previously, previously, previously.

Tags: , , ,

Robot War Dog Company objects to their Robot War Dogs being called War Dogs

Boston Dynamics:

Today we learned that an art group is planning a spectacle to draw attention to a provocative use of our [military] robot, Spot. To be clear, we condemn the portrayal of our [military] technology in any way that promotes violence, harm, or intimidation. [...]

In addition, all buyers [except the military] must agree to our Terms and Conditions of Sale, which state that our products must be used in compliance with the law, and cannot be used to harm or intimidate people or animals.

The "and" in that last sentence is doing a lot of heavy lifting: armies, are they legal?

Anyway, it was very nice of Boston Dynamics, The Robot War Dog Company,™ to put out a press release drawing attention to this art project, but they seem to have mistakenly left out the link to the art project itself! What an embarrassing oversight! It's here:

Spot's Rampage by MSCHF:

We've put a Spot in an art gallery, mounted it with a .68cal paintball gun, and given the internet the ability to control it. We're livestreaming Spot as it frolics and destroys the gallery around it. Spot's Rampage is piloted by YOU! Spot is remote-controlled over the internet, and we will select random viewers to take the wheel.


We're all winners in our hearts.


The human race, when remote-operated dogs of war become commonplace. As these war dogs become fixtures of militaries and militarized police we will all learn a new meaning of fear: an oppressor who can pull the trigger without even needing to be physically present.


See Spot Run. It tops out at a blistering 3mph.

See Spot Roll Over. Spot is an empathy missile, shaped like man's best friend and targeted straight at our fight or flight instinct. When killer robots come to America they will be wrapped in fur, carrying a ball. Spot is Rob Rhinehart's ideal pet: it never shits.

Good Boy, Spot! Everyone in this world takes one look at cute little Spot and knows: this thing will definitely be used by police and the military to murder people. And what do police departments have? Strong unions! Spot is employee of the month. You never need to union bust a robot - but a robot can union bust you.

See Spot KILL!! Spot is an empathy building tool, because: Cute and approachable! We talked with Boston Dynamics and they HATED this idea. They said they would give us another TWO Spots for FREE if we took the gun off. That just made us want to do this even more and if our Spot stops working just know they have a backdoor override built into each and every one of these little robots.

See Spot Fall Over And Freak Out. Quite an experience to live in fear, isn't it? That's what it is to be a slave. Our saving grace: Spot is evil but not very good at its job.

Previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , , , ,

"Stop adding Bitcoin as a checkout option like it's not a planet-killer."

Looking at you, Internet Archive.


As the price goes up it's worth it for miners to spend more to mine a coin. Even if it costs them enormously in energy costs.

Will they? Guaranteed.

As long as someone who wants to better their finances can make a fortune destroying a common good at least one psychopath will do that.


What can we do? Treat Bitcoin like we (should) treat the heroin trade. Folks want it, suppliers are getting foolishly rich off it, and it does absolutely no good.

Stop adding it as a checkout option like it's not a planet-killer.

And for godsakes stop letting anyone refer to the future promise of blockchain as a beard for BTC. If there were any other use besides burning Earth to a crisp we would have found it by now.

But this analogy may unfairly malign heroin, which for all its downsides, has probably brought the world more joy than Bitcoin ever has.

Previously, previously, previously, previously, previously.

Tags: , , , , , ,

XScreenSaver version 6 beta 1

I have significantly refactored the XScreenSaver daemon, the component of the XScreenSaver suite that provides screen locking on X11 systems.

These changes greatly reduce the amount of code running in the "critical" section: the part of the code where a crash would cause the screen to unlock. That critical section is now only around 1,800 lines of code, a reduction of roughly 87%.

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away. -- Antoine de Saint-Exupery

My approach with XScreenSaver, as I've written about extensively, has always been to minimize the amount of code in the critical section: to link with as few libraries as possible, and to sandbox as much of the rest as possible in separate processes. This approach has worked out very well; XScreenSaver has had an excellent security track record over these last three decades. Not perfect, but pretty damned good. Especially as compared to its putative "competition".

But, it still contains quite a lot of code, and keeping up with new operating system features like hot-swapping of monitors, new ways of detecting user activity and so on, has caused more and more code to creep into it. Remember that XScreenSaver predates not only HDMI, but USB! I wrote the first version on a 1-bit monochrome display.

So I stepped back and took a fresh look at the whole thing from the perspective of, "what needs to be here?" In addition, dropping support for X11 systems more than fifteen years old -- an eminently reasonable thing to do -- allowed me to simplify the flow of control a lot.

The new design looks like this:

  • xscreensaver
    • The daemon. Links with Xlib and nothing else.
    • Requires the XInput2 extension, standard since X11R7 in 2005.
    • Handles grabs, idle detection, and client messages.
    • Maps no windows.
  • xscreensaver-gfx
    • Launched by xscreensaver to blank the screen.
    • Launches the screenhacks as sub-processes.
    • Handles monitor reconfiguration, fading, visuals, etc.
    • If it crashes, the desktop will momentarily be visible, but the keyboard and mouse will remain grabbed and the screen will remain locked.
  • xscreensaver-auth
    • Launched by xscreensaver to authenticate the user.
    • Draws the unlock dialog, and talks to PAM.
    • Exit code indicates success or failure, so if it crashes, that has the same behavior as "incorrect password".

The old XScreenSaver daemon contained 14.5k lines of code in a single executable. The new one contains 12.5k lines across three different executables -- a 14% reduction overall. But as I said earlier, the critical section -- the process whose crash will result in an unlock -- now contains only 1.8k lines -- an 87% reduction. This is great not just because it reduces the attack surface, but also because it's easier to understand and audit.

Since this is a very large change, I would like to get a lot of testing on this before calling it ready for release. Please beat on it, eyeball it, throw whatever you can at it, and see if you can make it crash. Particularly, see if can make it crash and unlock.

Let me know if any of these things don't work by default:

  • There should be no compilation errors that "configure" didn't warn you of first.
  • Locking should work, specifically unlocking.
  • The "xscreensaver-systemd" program should be running in the background.
  • Fonts and font sizes in the unlock dialog should look sensible.
  • Custom fonts should have been installed and used (e.g. "memscroller" should be using an OCR font).
  • Fading and un-fading should be smooth on all screens.

Things that it would be nice to have some testing on, if you have the means:

  • Non-English locales.
  • Passwords containing non-Latin1 characters.
  • Unixen that are not Linux.
  • Linuxen that are not Debian or Fedora.
  • Hot-swapping monitors willy-nilly.
  • Laptops with flaky power management.
  • HiDPI monitors.
  • PBP monitors ("two HDMI one cup").
  • Kerberos.
  • Exotic PAM authentication methods, such as USB or bluetooth fobs, or fingerprint readers.
  • Any PAM setup that prompts for more than one input.
  • Does XScreenSaver interact sanely with remote desktop clients or games that grab the mouse for long periods?
  • Exotic input devices: do you have a controller that does not present as key-press or mouse-motion, and does XScreenSaver recognize it as user activity?

Launch it as "xscreensaver -log log.txt" and if anything goes wrong, send me the entire log file, and as many other details as you can about your system and what was going on at the time.

If there were any compilation problems, send me the entire output from "configure" and "make", as well as the "config.log" file.

Please note, this is a BETA release. Do not download this unless you are willingly participating in the testing of software that is probably flaky! And above all, do not distribute this version to other users.

☢ xscreensaver-6.00b2.tar.gz ☢

Do send me email and let me know what systems you've tried it on and how that went.


Tags: , , , , , ,



Strongest two factor authentication:

- Something you know

- Something you f̷̸̧̞̘͓͉ͪ͆̍̂̀ẹ̷͔͙͚̑ͮͪ̐̀́͝a̶̷"̨̩̼̞̤ͧͪ̾̂r̴"̦͖̯̠̎ͬ̅ͫ̕͝


HTTP 403 F̦̩̫̼͔̫͓̃ͤ̈̆̀͑o̖̟͙̫̯̗̳̽ͦ̆́ͨr̩͉̰̗͉b̬̂͘į̟̬̓d͂͗҉̟͈̜͙ͅd͎̜̺̝͇͑̒̋̾ë̴̳̺͓̦̘́ͮ̈́ǹ͈̦̫̙

Previously, previously, previously, previously, previously.

Tags: , , ,

  • Previously