1. 1

    LinuxCNC controls CNC machines. It can drive milling machines, lathes, 3d printers, laser cutters, plasma cutters, robot arms, hexapods, and more.

    Runs under Linux (optionally with realtime extensions).

    I see the dependency on Linux (even the name!) as unfortunate.

    1. 4

      What are your main concerns? What would you do differently?

      1. 1

        I’d care about supporting non-Linux OSs, particularly the OSS ones, and avoid including Linux in the project name.

        1. 5

          Patch or gtfo then :)

          1. 2

            Cross-OS for its own sake is fair enough I suppose, though I’d still be interested to know what about Linux you think is unfortunate as the OS of choice for this project, or why you think another would be better.

            My take on this is: it’s a piece of software designed for industrial control with hard real-time requirements. As one of my mentors liked to say, a mill or a lathe isn’t the kind of equipment that just hurts you, it rips your arm off and beats you to death with it. I’m glad that they’re limiting their scope to a single kernel. Last I read an article about achieving hard real-time on Linux, it wasn’t exactly lacking nuance or pitfalls. Add more supported kernels and you multiply the chances that you introduce a bug, miss timing, and destroy the work/machine/operator.

            I’d also like to point out that they don’t owe anyone cross-OS support. Including Linux in the name actually emphasizes their right to build what they want. The creators set out to create a CNC machine controller for Linux. If you want support for another OS, the source is GPLv2 :)

            1. 1

              what about Linux you think is unfortunate as the OS of choice for this project,

              I’ll say as a start I don’t think there’s anything terribly wrong with doing CNC with Linux.

              Yet my suspicion is that, despite the name, there’s technically not much tying this project to Linux specifically.

              Which makes the name truly unfortunate.

              1. 6

                A brief look at the project reveals that they ship Linux kernel modules for controlling hardware via supported interfaces, and for any use with real hardware Linux kernel with -rt patchset is needed on the controlling computer. This surely makes moving to another kernel quite a large effort, as realtime drivers need to be ported. And the recommended installation method is a Debian-derivative GNU/Linux distribution.

                So I would expect getting a good enough port to be a large undertaking, with benefits of using another OS inside that black box even harder to realise because the number of users with hardware access matters for testing.

                1. 1

                  So it is forcibly an ugly design, as we know it has to resort to kernel modules as Linux itself is ill-suited to abstract the hardware and enable doing the heavy lifting in user space. Noted.

                  Maybe the name is not wrong, in hindsight.

                  1. 5

                    Sure, they do have a userspace implementation, and apparently recommend the standard Preempt-RT patchset with user-space control implementation for some cases. It’s just that for many cases RTAI kernel and a kernel-space driver yield lower latency. Indeed, Linux is not a microkernel, so context switches have some costs.

                    Sure, making something realtime on top of a general-purpose non-realtime OS has its drawbacks, and the best latency will need some amount of special-case work. But it improves the chances of reusing some computer that is already around.

                    User-space real-time API-wise they claim to support Preempt-RT, RTAI and Xenomai kernels (all Linux-based).

                    1. 3

                      Such machines rely on hard realtime controls and are very often done in microcontrollers. Latency is a huge constraint of the project. The project itself is very old: it dates back to the mid 90s: there wasn’t a lot of CPU power back then (especially on the ARM targets) and less knowledge and development to achieve hard real-time.

                      1. 1

                        Are you aware of an open effort using microcontrollers?

                        1. 2

                          GRBL, I guess? Somewhat limited and recently inactive, but apparently usable for many usecases.

                          1. 3

                            recently inactive

                            There seems to be a maintained fork. There’s not much in terms of changes, but I suspect that’s because it reached a “just works” point.

                            No strange latency surprises to be had with these microcontrollers.

                            1. 2

                              Yes, I meant this repository as the main development line, and it doesn’t seem to have firmly decided to never get to 5-axis support, so there is a clearly stated missing feature with respect to which it could be active but isn’t. Doesn’t matter for use cases where it fits, of course.

                          2. 1

                            The project wiki (section 4) describes why they chose not to use an external microcontroller as a motion controller.

                            It also says there was a hard fork which adds support for a particular external microcontroller.

                            1. 1

                              I see… ultimately they do like their scope and meters, on their computer.

                    2. 1

                      Yet my suspicion is that, despite the name, there’s technically not much tying this project to Linux specifically.

                      I’m unfamiliar with the real-time / CNC space. What other non-GPL/OSS kernel systems have support for the kind of real-time performance required by these machines?

                      1. 1

                        What other non-GPL/OSS kernel systems have support for the kind of real-time performance required by these machines?

                        As a reminder, Linux isn’t exactly awesome at real time, particularly awful without rt patchset (and project seems to work w/o that), thus the requirements can’t be that strict, and there should be plenty of systems that meet them.

                        1. 3

                          In the system requirements documentation:

                          It can, however run on a standard kernel in simulation mode for purposes such as checking G-code, testing config files and learning the system.

                          So, non-RT Linux allows to do a subset of work that doesn’t involve driving hardware.

              2. 3

                Are you coming at it from a principle perspective or practical?

                From a practical point, several of the newer commercial control systems like Heidenhain and Siemens and probably more I can’t remember, have Linux base for the user interface.

                Both works fine in daily use at the day job.

                And is Windows really a better option? I know Datron’s Next control is lovely and easy to use on the commercial side. Others include Centroid, UCCNC, Kflop, Planet CNC and Mach3 & 4.

                All require specific electronics anyway that usually does the heavy lifting in serious (non hobby) use.

                From a principle point, I’d like to hear more.

              1. 3

                I do not want to be too negative nor sound condescending. But OP is just confused about his shell syntax and named parameter passing conventions/traditions.

                The pipe is interpreted as an Unix pipe by the shell. There is absolutely nothing to fix on the tree utility on that regard. OP should absolutely read about quoting on his shell manual and use it.

                Parameter parsing also does what is expected. Assembling a list by passing the same parameter many times is by no means the expected nor logical behaviour.

                1. 3

                  There is at least one other GNU tool I can think of off the top of my head that builds a list when passed the same flag multiple times. Namely, GCC’s search path can be extended by passing -I<dir> any number of times.

                  Personally, I think it’s reasonable to complain about how a tool’s interface interacts with the shell it’s used in. Bash is, after all, also a GNU tool.

                  1. 3

                    Hi, OP here!

                    Yes, accepting the same arg several times to build up a list is a pattern we see also elsewhere, but don’t expect consistency from command line args, ever! For example, gcc will accept stuff like -Iblah with no space between flag and directory, but GNU tree insists on having a space between the flag and the pattern.

                1. 13

                  What if you just mashed up the banana and spread it on in a uniform layer?

                  1. 16

                    You’ve just ruined his life’s work, I hope you’re happy

                    1. 3

                      Alternatively, mashing the banana up and stirring it together into a paste with the peanut butter (and possibly honey) and spreading it that way.

                      This method does however introduce the build dependency of a bowl, and additional washing-up debt.

                      1. 8

                        Take a bite of bread, a bite of banana, and a bite of peanut butter. Let your mouth be the bowl.

                        1. 3

                          That’s an engineer’s solution if I’ve ever seen one.

                          1. 2

                            Thank you. 😂

                      2. 2

                        That would ruin the banana texture.

                        My suggestion would be to accept the sandwich as it is, and not try to homogenise the sandwich. This way, you don’t know what you will get in each bite, and you can let yourself be surprised.

                        1. 1

                          Or just slice the banana lengthwise, it gets better coverage, more bananaliciousness and less waste.

                      1. 3

                        This is great news! I was just starting to get into the Yosys/SymbiFlow projects.

                        1. 12

                          This is missing the “why”.

                          • What are the benefits of this whole mess of new build infrastructure?
                          • Who claims these are the new best practices, or are these just the author’s preferences?
                          • Why are these tools curl | bash-ed onto my machine instead of packaged with my distribution like a piece of dev tooling I can actually trust to base my entire project on?
                          1. 16

                            Agree. I now have a sudden urge to write a guide how to start from very simple (i.e. system interpreter, no packaging, minimal verification) and how to progress further on. And how to decide what tools do you even need to consider and at which stage.

                            In hindsight as a somewhat experienced Python programmer I can see how each of these tools can be helpful – but if I was a beginner I would be completely overwhelmed.

                            1. 4

                              Please do. I am by no means a beginner at Python itself, but most of these “guides” confuse me. I’ve gotten pretty far with a few venvs and some other minor tools. Why would I need all of these other things?

                              It feels very much like people write these kinds of guides where they try to score points by cargo culting a lot without themselves understanding why they are doing things the way they are.

                            2. 1

                              I think “why” kinda answers itself. People who are familiar with setuptools don’t need an answer as they would gladly try something else. As for beginners they don’t need an answer either as you should really learn the newest and most popular standard.

                              So who’s really asking “why”?

                              1. 4

                                Everyone, beginners especially, has a right to ask for a rationale for the recommendations they receive.

                            1. 2
                              Bugfixes
                              --------
                              
                               * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
                                 a PKCS11Provider; bz#3141
                              

                              Well this one is good to see as that used to be pretty annoying, although I’ve now switched to yubikey-agent to not have to deal with the PKCS#11 implementation anymore.

                              1. 2

                                What does the yubikey-agent get you that isn’t native to OpenSSH >= 8.2?

                                It seems like the yubikey-agent stuff was a fill-gap for older versions of OpenSSH that didn’t support FIDO out of the box, or maybe I am missing something?

                                1. 4

                                  It’s absolutely a fill-gap, because FIDO support requires OpenSSH >= 8.2 on both sides of the connection. There’ll be a long tail of servers running older OpenSSH, and it’s nice to have a solution for people stuck connecting to them. For example, Ubuntu 18.04 is supported until April 2023 with extended support until April 2028, and uses OpenSSH 7.6.

                                  1. 5

                                    Cool, I basically live on OpenBSD current, so I have had this (both ends) for some time now. Would be handy for github though!

                                    1. 3

                                      Right, exactly this. I have personal servers running sshd that ships with the OS that aren’t yet on 8.2+, and similar for work.

                                      My employer gives all employees a YubiKey but our servers run Debian and we don’t backport newer OpenSSH versions, so yubikey-agent allows me to have an easy way to use it without the complicated and slightly flaky PKCS#11 setup.

                                      Another advantage of yubikey-agent is it allows you to re-plug your YubiKey and it doesn’t break. The stock ssh-agent (combined with OpenSC) generally stops working if the YubiKey is unplugged and it’s fiddly to get it working again.

                                1. 4

                                  I’ve been writing software professionally for RISC-V for two years now, and it’s been really satisfying watching the architecture grow in capability and community over that time. Probably the best part, especially in these circumstances, is knowing that the fate of the architecture isn’t tied to the success or failure of any one company. If anything, the lull gives us time to stop sprinting and focus on fundamentals, which is super important when so much of what we do has some aspect of “reinventing the wheel”.

                                  Here’s to many more years, and here’s to open standards!

                                  1. 2

                                    I’m curious, if you’re able or willing to disclose: where do you work? What are you writing that’s targeting RISC-V? How big is your team? How many others do you estimate are also targeting RISC-V? I have no idea to what extent RISC-V is seeing uptake in the industry, and am genuinely curious to learn.

                                    1. 4

                                      I’d rather not disclose my employer or details related to them, but as for the last part of your question:

                                      There’s a massive demand throughout the industry for RISC-V, but it’s all invisible unless you’re in and around R&D departments, mostly for embedded products. Right now, everyone’s trying to build up their platforms on top of RISC-V to eventually enable their end application. That includes everything from boot flows, to tuned linear algebra and DSP libraries, to whatever RTOS the company’s applications are all written for, and so on. It’s taken us a decade to get to where we are just because of the sheer magnitude of the variety and height of all these bits of the software stack. It’s turtles all the way down (hence my username, haha).

                                      As these software stacks mature over the coming decade, you’ll probably see more and more products running on RISC-V processors. Or you might not even notice, since they’ll be going into places you don’t even think about computers existing. The motor controller in your cordless drill, your TV’s remote control, and of course the wave of IoT you didn’t ask for.

                                  1. 3

                                    Just to check, does this mean we can skip passphrases for the ecdsa-sk keys? ssh-keygen still asks for one, but assuming I’m comfortable with the security model of Yubikey possession == access, is a passphrase still necessary?

                                    1. 2

                                      Yep, even without a passphrase for most tokens it’s still private key file + hardware token. With a passphrase it should be private key file + passphrase + hardware token. With resident credentials it’s just hardware token.

                                      1. 1

                                        Awesome, thanks for confirming Filo!

                                      2. 2

                                        To answer my own question: all I had to do was read past the first half of the article.

                                        • Without a passphrase, authentication requires possession of at least the the hardware token. If the hardware token is implemented well, it also requires the possession of the private key file.
                                        • With a passphrase, authentication might require the passphrase and private key file. If the hardware token is implemented well, authentication requires the passphrase, hardware token, and private key file.

                                        So in both cases access implies possession of the hardware token, and if I’m comfortable with that being sufficient then I’m free to skip adding a passphrase.

                                      1. 1

                                        This is exactly something I’ve been hoping existed. I love this aesthetic.

                                          1. 2

                                            The title is slightly disingenuous by kinda sorta implying that the iPhone 7 is a “Linux smartphone” because it booted postmarketOS, but the article itself takes the first paragraph to say specifically that Project Sandcastle was first. Maybe just “iPhone 7 now boots postmarketOS” would have been better.

                                            Either way, I’m really happy to see more people working on Linux support of all kinds for iDevices. Especially postmarketOS, since I’d certainly like to extend the life of my old iDevices as long as possible.

                                          1. 2

                                            GoboLinux’s filesystem reminds me superficially of macOS, at least the way that the macOS filesystem is presented to regular users with “Macintosh HD” containing

                                            • Users
                                            • Applications
                                            • Library
                                            • System

                                            Now that I consider it, macOS is a bit of a half-assed Frankenstein[‘s monster] of this idea. I’m glad to see someone’s committed to whole-assing it.

                                            1. 1

                                              After taking a second to confirm, this is the same ionescu007 and minilzma library that I remember reading a Twitter thread about yesterday. Awesome!

                                              1. 7

                                                The twitter thread for this was the first time I heard of you, Hillel (I think that you also proposed other programs to be proven, in addition to leftpad? Edit: There it is!). Since then I’ve been reading many of your posts.

                                                I recently tried to do a pen-and-paper proof of a bubble sort, and see if and how this could be formalized. The context is “Suppose you’d made a programming language in which proving programs correct is as close as possible to what a mathematician would do on paper”. My experiences:

                                                • Mathematics uses a lot of notation that is not easy to write down in ASCII (quantifiers, operators, arrows, …).
                                                • You need to ‘encode’ programming language concepts in math. For example, I choose to encode an int array as a function from the natural numbers to the integers.
                                                • Some things are hard to formally express. For example, you can specify the requirements for a sorting function as ‘output contains the same elements as the input, but sorted’. The sorted part is relatively easy to express mathematically, but ‘contains the same elements’ is harder.

                                                I choose to use functions to model arrays. An int array with n elements becomes a function from { 0, 1, …, n - 1 } to the integers. Now, we can phrase the requirement for a sorting function that the output function/array equals the composition of a permutation of { 0, 1, …, n - 1 } and the input function. Now you need some theory on permutations (most relevant: if you swap two elements in a permutation, it’s still a permutation).

                                                On top of that, you also need some axioms for integers. With these techniques and with a lot of loop invariants, it’s possible to prove the correctness of bubble sort. Then you realize you’ll also need to prove termination…

                                                Nothing in these steps is prohibitively hard, but it’s a lot of work and quite a rabbit hole!

                                                1. 2

                                                  Some things are hard to formally express. For example, you can specify the requirements for a sorting function as ‘output contains the same elements as the input, but sorted’. The sorted part is relatively easy to express mathematically, but ‘contains the same elements’ is harder.

                                                  Just to throw it out there since I got nerdsniped, are the following criteria not enough to express “contains the same elements”?

                                                  • The input and the output contain the same number of elements.
                                                  • For all elements in the input, the element is present in the output.

                                                  Maybe one or both of those criteria is itself hard to express.

                                                  1. 2

                                                    If the input contains duplicates, the output could contain another element and still fulfil those requirements.

                                                    You could hane it apply to both in->out and out->in. but but then the same thing could happen if there’s more than one element that has duplicates.

                                                    1. 1

                                                      Ah! Yep, I see it now. Thanks!

                                                    2. 2

                                                      @kyrias pointed out the issue, but you can make this valid by instead saying “every element of the input has the same count in the output.” In fact when I teach workshops I have students specify sorting both ways, as a permutation spec and as a counter spec.

                                                  1. 1

                                                    not sure if this is correct but: i can’t safely update the affected systems as the connection to the update hosts may be compromised, with signatures not working too?

                                                    1. 2

                                                      SwiftOnSecurity claims that Windows Update is not vulnerable:

                                                      https://twitter.com/SwiftOnSecurity/status/1217265731152289792

                                                      1. 1

                                                        thanks for the link! would be interesting to have some design docs for this.

                                                        1. 1

                                                          The vulnerability is specific to elliptic curve cryptography. According to Twitter, Windows Update uses RSA as well.

                                                    1. 8
                                                      • Calculus Made Easy by Sylvanus P. Thompson A Calculus primer from 1914. It’s a perfect, concise description of Calculus with a dry sense of humor. Its existence is an indictment of every awful, gigantic calculus textbook anchor bending students’ backs and school districts’ purses.
                                                      1. 7

                                                        This is a good example of why it’s good to namespace macros and enum values. In this case I’d probably go with CURRENCY_TRY as the enum value. The macro I might leave be, but I’d worry about its scope.

                                                        1. 3

                                                          I think you meant “it’s good to prefix macros and enum values”.

                                                          They’re using enum class (as opposed to plain enum) which does namespace the TRY name. It’s the preprocessor replacement of that name within the enum class by the TRY macro which is the problem. You can’t namespace macros in the ANamespace:: sense. You can #undef/redefine them yourself or prefix them (which can still lead to collisions).

                                                          1. 2

                                                            You’re right, prefix. I used the word namespace colloquially, but I should probably know better.

                                                        1. 4

                                                          DuckDuckGo still looks like this! And it has a “view image” button.

                                                          1. 2

                                                            Are there any examples of a project written in Fennel? Maybe a video game mod that leverages the existing Lua interface?

                                                            1. 4

                                                              Yeah, there are several examples listed on the Fennel wiki: https://github.com/bakpakin/Fennel/wiki

                                                              Games tend to dominate (especially love2d games) but there is also an IRC bot, text editor, web site, etc.

                                                            1. 3

                                                              Would it have been that hard to use infer.fb.com?

                                                              1. 10

                                                                You’d think a tech company could get that right. What really ticks me off is how the banking and financial industry seems to find subdomains so intolerable. It seems like every bank expects you to just implicitly trust any domain with their name in it.

                                                                1. 3

                                                                  Or at least get the certificate right.

                                                              1. 5

                                                                It would be nice if there was an option to never establish a data link over the lightning port unless the device is unlocked. 7 days is a long window if your device is seized at customs or something.

                                                                1. 2

                                                                  Indeed. If that’s the bypass mechanism being used, I’d even want it to be a PIN-controlled setting. I can’t remember the last time I used data over the USB cable.