I'm the boss! Please enjoy my finely curated links.
This profile is from a federated server and may be incomplete. Browse more on the original instance.
I'm the boss! Please enjoy my finely curated links.
This profile is from a federated server and may be incomplete. Browse more on the original instance.
six month database stats
After six months or so of federation, some stats on disk usage....
meta groups
I've implemented basic support for meta groups (groups of groups). There's a lot of redundancy because of the federated nature of the azoriverse, with similar groups duplicated across multiple servers. Meta groups are a solution, by presenting users with a (somewhat transparent) single group that collects all of the posts....
How web bloat impacts users with slow devices (danluu.com)
CPU performance for web apps hasn't scaled nearly as quickly as bandwidth so, while more of the web is becoming accessible to people with low-end connections, more of the web is becoming inaccessible to people with low-end devices even if they have high-end connections. For example, if I try browsing a "modern" Discourse-powered...
Azorius 0.3.4 Streamlined Selection
Mostly bugfixes and some refinements....
Azorius 0.3.3 Terrific Triplicate
Minor update. A few refinements and fixes....
Can I copy this cool (hover popup) effect with CSS? (www.youtube.com)
Trying to recreate https://codepen.io/gayane-gasparyan/details/wvxewXO.
Deduping
Finally got around to fixing a common annoyance. There's four different groups covering "technology" and the same link gets posted to all of them every time. These are now deduped in the main feed.
Azorius 0.3.2 Fixed Function
New release. Not a lot of changes, mostly bug fixes and some interop improvements. Biggest feature of note is post previews....
Go 1.22: Interactive release notes (antonz.org)
Based on the Go 1.22 release notes from the Go team (3-Clause BSD License), with many interactive examples added. This blog post is synchronized with the source document as it gets updated.
DIY Espresso (www.fourbardesign.com)
High pressure, high forces, long lever arms...all of that meant heavy and strong (read: expensive) parts which I was not looking forward to having to fabricate. Instead, I settled on the simpler idea of harnessing the power of compressed gas. Instead of using a high mechanical advantage lever to push a piston, compressed CO2...
Unmasking a Go HTML Parser Bug with Differential Fuzzing (mionskowski.pl)
In this write-up, we’ll delve into how, through differential fuzzing, we uncovered a bug in Go’s exp/net HTML’s tokenizer. We’ll show potential XSS implications of this flaw. Additionally, we’ll outline how Google assessed this finding within their VRP program and guide how to engage and employ fuzzing to evaluate your...
WASI support in Go (go.dev)
Go 1.21 adds a new port targeting the WASI preview 1 syscall API through the new GOOS value wasip1. This port builds on the existing WebAssembly port introduced in Go 1.11....
CGO Performance In Go 1.21 (shane.ai)
Cgo calls take about 40ns, about the same time encoding/json takes to parse a single digit integer. On my 20 core machine Cgo call performance scales with core count up to about 16 cores, after which some known contention issues slow things down.
CVE-2020-19909 Is Everything That Is Wrong With Cves (daniel.haxx.se)
It was obvious already before that NVD really does not try very hard to actually understand or figure out the problem they grade. In this case it is quite impossible for me to understand how they could come up with this severity level. It’s like they saw “integer overflow” and figure that wow, yeah that is the most...
Structured Logging with slog (go.dev)
The new log/slog package in Go 1.21 brings structured logging to the standard library. Structured logs use key-value pairs so they can be parsed, filtered, searched, and analyzed quickly and reliably. For servers, logging is an important way for developers to observe the detailed behavior of the system, and often the first place...
WinRAR flaw lets hackers run programs when you open RAR archives (www.bleepingcomputer.com)
The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened....
Backward Compatibility, Go 1.21, and Go 2 (go.dev)
Boring is good. Boring is stable. Boring means being able to focus on your work, not on what’s different about Go. This post is about the important work we shipped in Go 1.21 to keep Go boring....
Espresso Coffee Mitigates the Aggregation and Condensation of Alzheimer′s Associated Tau Protein (pubs.acs.org)
Espresso coffee is among the most consumed beverages in the world. Recent studies report a protective activity of the coffee beverage against neurodegenerative disorders such as Alzheimer′s disease. Alzheimer′s disease belongs to a group of disorders, called tauopathies, which are characterized by the intraneuronal...
A few notes on search
The search box, at present, is more like a fetch activity box. It can only find and retrieve objects by their activitypub ID (url)....
The chat has entered azorius
Pushed a big change to enable group chat....
Summary: MTE As Implemented (googleprojectzero.blogspot.com)
MTE = Memory Tagging Extension...
What’s New in Go 1.21 Comprehensive Notes (medium.com)
The Go programming language has released its first Release Candidate (RC) for version 1.21, which is packed with new features, improvements, and performance enhancements. This article provides an overview of the notable changes and features in Go 1.21, along with some exciting additions to the standard library....
The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 (security.googleblog.com)
41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated.
Scripting with Go: a 400-line Git client (benhoyt.com)
A few years ago I wrote pygit, a small Python program that’s just enough of a Git client to create a repository, add some commits, and push itself to GitHub....
Go 1.22 inlining overhaul (docs.google.com)
Our current inlining policy remains built on a foundation that is becoming increasingly strained as we add things like PGO, is increasingly anchored in past backend limitations, and it continues to use an overly simplistic cost model driven by an overly simplistic scheduler. Between unified IR and the untapped possibilities of...