codonell

azonenberg, 25 days ago to random

TIL that if you have a large enough input dataset, it's possible for the NIST MIST plugin for ImageJ to generate a TIFF file >2^32 bytes in size.

Except this isn't allowed by the spec since all of the pointers to offsets in the file are 32 bit.

If you then attempt to open this malformed file in GIMP, it will appear to load normally until it hits some point a bit past the 4GB boundary, at which point you get some kind of integer overflow or something.

I'm not sure what happens next because my machine with 128GB RAM froze up for a while and ultimately GIMP got oomkilled. But nothing good, that's for sure.

codonell, 27 days ago to random

Don't forget that Y2038 is coming...

drewdevault, 1 month ago to random

I needed a break from Real Work, so I'm speedrunning writing a Unix-ish operating system

Day 3

brainwane, 1 month ago (edited 1 month ago) to opensource

Some enterprises, in the wake of #xz, are focusing on their metrics for #opensource dependencies they ingest..... rather than investing money, developer time, or other resources* to directly support maintainers.

But as I mentioned to a friend recently:

If downstreams do not provide at least as much support as a motivated attacker would, we're likely to continue to get these kinds of outcomes - & to be deceived, as attackers shape their efforts to trick the metrics.

• https://harihareswara.net/posts/2021/sidestepping-the-pr-bottleneck-four-non-dev-ways-to-support-your-upstreams/

codonell, 1 month ago to random

It was a fairly smooth run through the full set of steps for the most recent CVE as a glibc CNA: https://inbox.sourceware.org/libc-announce/302f32ba-10f4-4928-8f44-ce19c668ca04@linaro.org/T/#u

drewdevault, 1 month ago to random

A question that is of interest today is "should a code of conduct apply outside of its borders?" In other words, can a project hold someone accountable for their behavior outside of that project's spaces?

The short answer is "yes". The long answer is "we live in a society".

🧵

bluca, 1 month ago to random

Alright, this took some team effort but in git main we are now at:

$ lddtree build/libsystemd.so.0
build/libsystemd.so.0 (interpreter => None)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
ld-linux-x86-64.so.2 => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

for a full-feature build, down 5 libs which are now dlopened on demand. Last one, libcap, will need to be swapped for some ioctls which won't happen for this release.

#systemd #xz

drewdevault, 1 month ago to random

Brief aside: if you're wondering why the Linux Foundation endorsed Valkey, it helps to note that 4/5 of the commercial interests behind Valkey are gold or platinum members of the Linux Foundation.

Together the leadership of Valkey represents a bit over $1.1M of the Linux Foundation's annual budget. They say "jump" and LF says "how high".

LF is a consortium of commercial interests, nothing more.

thejpster, 2 months ago to random

https://github.com/rust-embedded-community/tinyrlibc/issues/22

I appreciate the bug report but the fix is obvious and much smaller than the huge block of Asan output posted. It’s cool the tool found the bug but you can just say “3 is bigger than 2” and I’ll believe you.

brainwane, 3 months ago to random

https://www.askamanager.org/2024/02/my-store-is-doing-great-because-im-breaking-all-our-policies.html

"I feel like everything I’ve done to make our store a good place to work at and shop at has been directly at odds with the instructions and directions I am supposed to be following."

Echoes of so many critiques of human institutions - "On the Psychology of Military Incompetence" (by Norman Dixon, 1976) comes to mind for me. Also, this is kind of the opposite of the classic principal-agent problem.

codonell, 3 months ago to random

glibc 2.39 released! https://inbox.sourceware.org/libc-announce/38790850.J2Yia2DhmK@pinacolada/T/#u - We have an advisories format! And 3 last-minute CVE fixes 😃

codonell, 5 months ago to random

The secret-gift-giving season arrived early... with the gift of Autoconf 2.72 🎁
https://lists.gnu.org/archive/html/autoconf/2023-12/msg00037.html
Frederic Berat has been working on Fedora tooling to do orchestrated mass package rebuilds (https://gitlab.com/fedora/packager-tools/mass-prebuild) and the first question that tooling had to answer was "show me we happens when we update autoconf in Fedora?"

codonell, 5 months ago to random

And glibc now has a Code of Conduct: https://inbox.sourceware.org/libc-alpha/ea69deee-0277-da10-db41-75598bbfdbfc@redhat.com/T/#u
... if you'd like to volunteer for the CoCC: https://inbox.sourceware.org/libc-alpha/bb54e1b7-6250-86d6-10d4-92e909bce632@redhat.com/T/#u
At this point we have CoCs covering gcc, binutils and glibc.

purpleidea, 5 months ago to random

After upgrading Fedora, it seems /etc/nsswitch.conf management has changed again, and what is authselect and was it always here? Well, something nuked my old nsswitch.conf file anyways!

Looking forward for @pid_eins and systemd to replace this and all the pam config stuff with something modern and sane!

eniko, 5 months ago to random

oh no

i added the ability to use a custom allocator to my unmanaged memory arenas

which means

i could make arenas for arenas

oh no what have i done

codonell, 7 months ago to random

Failing is OK. We can learn a lot when we fail. https://inbox.sourceware.org/libc-alpha/cf4a8045-c824-6f1c-ffd1-e433aa45ef2c@redhat.com/T/#u

codonell, 8 months ago to random

Yes, everything needs a test case :-) https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=dfe8c445883a50a55564b02b6957257bfc510db4

jwildeboer, 9 months ago (edited 8 months ago) to random

A kinda weird question. If you were to write an #OpenStandard, just the standard document itself: Under what license would you put it to make sure it is irrevocably available for free to anyone but also making sure it cannot be altered by downstream recipients? 1/n

brainwane, 9 months ago to opensource

New blog post on user support frustration, its causes, and how we could build the "infrastructure of equanimity" in #opensource, including ideas for potential cross-project tools & practices.

https://www.harihareswara.net/posts/2023/user-support-equanimity-potential-cross-project-tools-practices-open-source/

Shout-outs to @davidism, Heidi Waterhouse, @offby1, @jacob, Nicole Harris, @bernard, + @georgia for work & conversations that I built on in this piece.

#maintainer #maintainership #FLOSS #UX #UserExperience #sustainability #ProjectManagement #Python #PythonPackaging #burnout

b0rk, 9 months ago (edited 9 months ago) to random

a couple of years ago on twitter I asked why man pages don't have examples and had a surprisingly interesting discussion https://twitter.com/b0rk/status/1427308140916363269

I learned that:

• GNU tools intentionally left examples out of man pages, because the idea was that the examples were in the "info" pages instead (which I never heard of it in ~15 years of using Linux, apparently it’s am emacs thing)
• BSD man pages do tend to have examples (for example man grep on Mac OS has some examples, on Linux it doesn't)