The Dark Side Of Package Repositories: Ownership Drama And Malware

At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

Continue reading “The Dark Side Of Package Repositories: Ownership Drama And Malware”

Streetfighter 2 placed on table top display with separate arcade control box

Game Like It’s 2021 On A McDonald’s Touchscreen Table

Some of you around the world may have come across these Android-based gaming tables installed in your local fast-food outlet, and may even have been lucky enough to paw at one that was actually working at the time.

Originally based on an ancient mini PC, with a 1080p flat panel LCD and a touch overlay, they would have been mind-blowing for small children back in the day, but nowadays we expect somewhat more. YouTuber [BigRig Creates] got his hands on one, in a less than pleasant condition, but after a lot of soap and water, it was stripped down and the original controller junked in favour of a modern mini PC. To be clear, there isn’t much left beyond the casing and display from the original hardware, but we don’t care, as a lot of attention was paid to the software side of things to get it to triple-booting into Windows 10, Android x86 and Linux running emulation station, covering all those table-gaming urges you may have.

Internally, there is a fair amount of room for improvement on the wiring side of things, and [BigRig] is quick to admit that, but that’s what this learning game is all about. Now, many of you will choke on the very idea of playing games on a table system like this, after all, it’s pretty obvious this will be really hard on the back and neck. But, it does offer the easy option to switch from landscape to portrait orientation, simply by walking around the side, so it does have an upside. Also you’ve got a handy place to dump your beer and the takeaway when it arrives, so maybe not such a bad thing to have in your apartment? And, yes, it does run Doom.

We were particularly amused by the custom boot logo as well as the slick custom art in emulation station. It’s attention to detail like this that makes a build a great one and a conversation piece at parties. Now if only he could sort out that wiring job.

Continue reading “Game Like It’s 2021 On A McDonald’s Touchscreen Table”

Screenshot of MacOS Lunar app

Controlling External Monitors On M1 Macs With Undocumented APIs

Display Data Channel (DDC) is a very useful feature of modern digital displays, as it allows the graphics card (and thus the OS) to communicate with a display and control features such as brightness and contrast. The biggest negative aspect here is the relatively poor access to this feature within an operating system like MacOS, which can change on a whim, as [Alin Panaitiu] found out recently.

Current displays implement DDC2, which is based around an I2C bus. Despite this, few OSes offer DDC-based control of features such as brightness which is where [Alin] developed a popular utility for MacOS that used undocumented APIs to talk DDC2 with external monitors via I2C. Until the new Arm-based Mac systems got released and these undocumented APIs got changed, that is.

Even though there are some ways around this, with some utilities using a simple software-based overlay to ‘dim’ the display, or using an external gamma adjustment via an external Raspberry Pi system hooked up to HDMI and using ddcutil, the best way is still via DDC2. Ultimately the new (undocumented) APIs that provide access were discovered, with another user going by the name [zhuowei] notifying [Alin] of the new IOAVServiceReadI2C and IOAVServiceWriteI2C methods with Arm-based MacOS.

After this it took some more sleuthing to figure out which of the devices on the I2C bus were which monitor in the case of multiple external monitors, but in the end it all worked again, adding hardware-based brightness controls back in the hands of MacOS users. Minus a few apparent hardware issues with HDMI on the M1 Mac Mini and some displays, but who is counting?

[Heading image: Screenshot of the Lunar app on MacOS. Credit: Alin Panaitiu]