pbarker

pbarker, 10 days ago to programming

Never, ever write the words:

"I'm planning to send [the next version of my patches] in the next hour or so, assuming my tests pass."

This is actually a magic spell which will cause your tests to immediately fail with a NULL pointer dereference.

#LinuxKernel #Programming

pbarker, 1 month ago to opensource

Bash/zsh tip: ! is a valid character in an alias. I use it to mark aliases which run under sudo, for example on my Debian box I have:

alias e!="sudo ${EDITOR}"
alias a!="sudo apt"
alias s!="sudo systemctl"
alias in!="sudo apt install"

... and a few others.

#OpenSource #Linux #Bash #ZSH

revk, 1 month ago to random

Monmouthshire have to be going for some sort of record here!!!

pbarker, 1 month ago to opensource

A bold statement from Dirk Mueller on the OpenSUSE blog:

"Debian, as well as the other affected distributions like openSUSE are carrying a significant amount of downstream-only patches to essential open-source projects, like in this case OpenSSH. With hindsight, that should be another Heartbleed-level learning for the work of the distributions. These patches built the essential steps to embed the backdoor, and do not have the scrutiny that they likely would have received by the respective upstream maintainers. Whether you trust Linus Law or not, it was not even given a chance to chime in here. Upstream did not fail on the users, distributions failed on upstream and their users here."

https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/

#OpenSource #XZ #Security #OpenSUSE

Floppy, 2 months ago (edited 2 months ago) to random

Anyone know a standard encoding scheme for binary data to alphabetical strings using only lowercase consonants?

I want to generate non-numeric IDs but avoid making real words, so cutting out the vowels seems the the best approach.

I could just make something up like convert it to hex, and then make b=0, c=1, d=2, f=3, g=4 etc, but is there anything standard?

EDIT: We have a winner, @pbarker pointed me at https://sqids.org which will do the job nicely!

pbarker, 2 months ago to opensource

This, from the naive and innocent days of just under a month ago, is worth re-reading in light of the xz backdoor:

"In essence, having a lot of dependencies results in two problems. The first is the burden problem, where each added dependency requires extra effort. That manifests in tasks such as keeping up to date with dependencies, but also requires extra work for downstream users like people packaging the project for a Linux distribution.

The second problem is a trust problem: each additional dependency is another team to trust and another codebase to validate. This trust problem is especially important to sudo-rs. As a setuid program meant for elevating privileges, all code that is compiled into sudo-rs has the potential to accidentally (or intentionally) give access to system resources to people who should not have that access. The setuid context additionally puts some constraints on how code is executed, and dependencies might not have accounted for that context. We could not expect any of our dependencies to take into account such a context either."

https://www.memorysafety.org/blog/reducing-dependencies-in-sudo/

#OpenSource #XZ #Security

pbarker, 2 months ago to opensource

If you still want to read more about the xz backdoor, I highly recommend these two posts from Russ Cox:

"The xz attack shell script" - https://research.swtch.com/xz-script

"Timeline of the xz open source attack" - https://research.swtch.com/xz-timeline

#xz #OpenSource #Security

eb, 2 months ago to security

Unfolding now: https://news.ycombinator.com/item?id=39865810

• https://www.openwall.com/lists/oss-security/2024/03/29/4
• https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

• https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
• https://github.com/jamespfennell/xz/pull/2

The timeline on this is going to take so long to unravel

#security #linux

exador23, 2 months ago to random

seems legit.

ross, 2 months ago to random

Can anyone recommend a podcast on Norse mythology that isn’t two guys sitting around and talking about their Christmas shopping for an hour? Something with a script and production values.

pbarker, 4 months ago to twitter

Blog post #ShoutOut: Save your Twitter Account by @eff

https://www.eff.org/deeplinks/2024/01/save-your-twitter-account

"Amid reports that X—the site formerly known as Twitter—is dropping in value, hindering how people use the site, and engaging in controversial account removals, it has never been more precarious to rely on the site as a historical record. So, it’s important for individuals to act now and save what they can."

If you have a Twitter account and care about any of your data over there, go grab a copy of it while you still can.

#Twitter

andypiper, 5 months ago to random

Bizarrely (?), it seems that most of the local councils in the UK have entirely different methods and sites for providing information about refuse collection dates to their residents. Fortunately, there's a GitHub project working to create a simpler API across them (albeit with a ton of different adapters)... https://github.com/robbrad/UKBinCollectionData

zip, 5 months ago to random

the year is 2024. A bunch of music has fallen out of copyright, but you can’t actually use it because none of the automated enforcement systems know that

pbarker, 6 months ago to RSS

I'm want to start shouting out good blog posts & articles here... Starting with this one:

"Why your blog still needs RSS" by @amoroso
https://journal.paoloamoroso.com/why-your-blog-still-needs-rss

I completely agree with this sentiment - I now read most things via RSS feeds.

The main thing I need in addition to RSS is discoverability - how do I find interesting blogs & articles. I have a nasty habit of checking Hacker News, even though I know it's a trash fire.

So feel free to share good blogs & articles on here, perhaps in doing so you'll save me from HN.

#RSS #blogging

mansr, 7 months ago to random

Use doors HOW?

kernellogger, 9 months ago (edited 9 months ago) to linux

#Bcachefs was about to hit #linux-next (a pre-requisite for mainline inclusion[1]), but missing Signed-off-by lines got in between:

https://lore.kernel.org/all/20230911125359.5a61d30a@canb.auug.org.au/ #kernel #LinuxKernel

[1] https://lore.kernel.org/all/CAHk-=wjUX287gJCKDXUY02Wpot1n0VkjQk-PmDOmrsrEfwPfPg@mail.gmail.com/

astrid, 11 months ago to random

monogamy implies the existence of stereogamy and 5.1gamy

neil, 1 year ago to random

The coronation of King Charles takes place next Saturday.

After this date, banknotes showing the queen will no longer be valid.

You're probably hearing this for the first time and panicking a bit, but don't worry.

Just post your old notes to me, along with a stamped, self-addressed, envelope, and I will exchange them for you.