Radio Azureus<p>$ dmesg | lolcat</p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/messagesAfterPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>messagesAfterPost</span></a> <a href="https://mastodon.social/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> <a href="https://mastodon.social/tags/bash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bash</span></a> <a href="https://mastodon.social/tags/csh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>csh</span></a> <a href="https://mastodon.social/tags/ksh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ksh</span></a> <a href="https://mastodon.social/tags/sh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sh</span></a></p>
mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.
Administered by:
Server stats:
1active users
mastodon.zunda.ninja: About · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.5.0-alpha.1+59886e04-ruby-3.4.5
#posix
0 posts · 0 participants · 0 posts today
Felix Palmen :freebsd: :c64:<p><a href="https://mastodon.bsd.cafe/tags/xmoji" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xmoji</span></a> <a href="https://mastodon.bsd.cafe/tags/l10n" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>l10n</span></a>: First pull request completed, I now have my very own translation tool and can translate all the UI texts (but not yet include the <a href="https://mastodon.bsd.cafe/tags/Unicode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unicode</span></a> <a href="https://mastodon.bsd.cafe/tags/CLDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CLDR</span></a> translations for the emoji names, that'll be the next PR).</p><p>Amazing as always, the key to getting things done is to DO these things 😂🙈. Investing a LOT of thought about whether to use <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> catalogs or GNU <a href="https://mastodon.bsd.cafe/tags/gettext" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gettext</span></a> or come up with something myself (and then, how far should I jump there) led exactly nowhere and I finally decided to just run a spike with own tooling and refine the design while coding it. Ended up with a simple (and, I think, portable) binary format for the translations, containing everything in UTF-8, but offering a flag for the translation loader to know which texts to directly convert to my "UniStr" type holding UTF-32.</p><p><a href="https://mastodon.bsd.cafe/tags/X11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>X11</span></a> <a href="https://mastodon.bsd.cafe/tags/emoji" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>emoji</span></a> <a href="https://mastodon.bsd.cafe/tags/keyboard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyboard</span></a></p>
Dr. Todd A. Jacobs<p><a href="https://infosec.exchange/tags/TIL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TIL</span></a> that <span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> appears to use the <a href="https://infosec.exchange/tags/ustar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ustar</span></a> tar archive format, likely the version from POSIX.1-1988, for <a href="https://infosec.exchange/tags/gpgtar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpgtar</span></a> rather than either the <a href="https://infosec.exchange/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> or Star formats from POSIX.1-2001. Since ustar has serious limitations on filename and pathname lengths, can't store certain file types or metadata, and has a 2GB file size limit, it seems unsuitable for most modern use cases.</p><p>If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the <a href="https://infosec.exchange/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> user documentation which explicitly says it uses ustar. I have a lot of respect for the <a href="https://infosec.exchange/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> devs, so I hope this is either just a documentary oversight or something that they can easily fix by linking with newer libraries. In either case, ustar is totally unsuitable for writing large archives to tape, and doesn't even offer the options GNU tar does for creating a separate index file, encrypted or not.</p><p>The gnutar command line doesn't offer the option to write a separate index, and requires a separate pass to list out the index. For example if you wanted to encrypt a 20TiB archive with a separate, encrypted index to make finding files easier, you'd either have to pipe tar through gpg (which can cause shoe-shining or buffering issues on <a href="https://infosec.exchange/tags/LTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTFS</span></a>) and then encrypt GNU/BSD tar's index, or have <em>triple</em> the online HDD/SDD capacity of your archived data so you can tar up your files, run another pass with GnuPG to extract the index, and then encrypt both the tarball and index separately before writing them out to tape.</p><p>That seems...unreasonable. <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> doesn't support the AES-256-GCM mode built into current <a href="https://infosec.exchange/tags/LTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO</span></a> drives, so gpgtar needs to keep up with the massive growth of data storage capacity rather than remaining an afterthought utility. Especially for <a href="https://infosec.exchange/tags/SOHO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOHO</span></a> LTO drives, the ability to write encrypted gpgtar archives and indexes directly to LTFS could be a real game-changer!</p>
Philip Guenther<p>I've written a diff for <a href="https://bsd.network/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> to implement the new <a href="https://bsd.network/tags/posix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>posix</span></a> close-on-fork (FD_CLOFORK, O_CLOFORK, etc) flag...and as specified it seems unsafe/insecure.</p><p>Specifically, it's required to be preserved across exec. So, you're supposed to be able to set the close-on-fork flag on fd 2, exec a setuid program which forks, and have stderr be closed in the child, so the next fd it opens gets stderr output!?? Wut.</p><p>Does anyone have Real World experience with close-on-fork, either</p><p>a) as a application author, making intentional use of its preservation across exec, OR</p><p>b) as an implementer, either who has deployed as specified (and dealt with attacks?) or who don't follow the standard on this or other points?</p><p>(Please retoot if your audience may have answers)</p>
Radio Azureus<p>Interesting 🤔 how <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> are leveraged as resume items, putting <a href="https://mastodon.social/tags/programmers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programmers</span></a> <a href="https://mastodon.social/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developers</span></a> & project leads under pressure by <a href="https://mastodon.social/tags/bogus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bogus</span></a> CVE reports or unnecessary high CVE ratings.</p><p>Popular and obscure programs are affected in the <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> world e.g <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/freeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeBSD</span></a> <a href="https://mastodon.social/tags/netBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netBSD</span></a> <a href="https://mastodon.social/tags/openBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openBSD</span></a> </p><p><a href="https://mastodon.social/tags/Curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Curl</span></a> ➰ by <a href="https://mastodon.social/tags/Daniel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Daniel</span></a> <a href="https://mastodon.social/tags/Stenberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stenberg</span></a> and <a href="https://mastodon.social/tags/IP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IP</span></a> by <a href="https://mastodon.social/tags/Fedor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedor</span></a> <a href="https://mastodon.social/tags/Indutny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Indutny</span></a> are popular programs hit by this <a href="https://mastodon.social/tags/phenomena" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phenomena</span></a> which can lead to unwarranted <a href="https://mastodon.social/tags/panic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>panic</span></a> in the users space </p><p><a href="https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/dev-rejects-cve-severity-makes-his-github-repo-read-only/</span></a></p>
Hal CanaryTime for a longer #introduction.
codesections<p>I've recently been trying out the <a href="https://fosstodon.org/tags/yash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yash</span></a> shell (<a href="https://yash.osdn.jp/index.html.en" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">yash.osdn.jp/index.html.en</span><span class="invisible"></span></a>) and think I'm going to switch to it as my full-time shell.</p><p>It offers:<br> - fish-like completion<br>- <a href="https://fosstodon.org/tags/posix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>posix</span></a> compliance <br>- Low memory use (compared to <a href="https://fosstodon.org/tags/fish" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fish</span></a>/#zsh)<br>- customizable keyboard commands with built-in readline defaults</p><p>(I'm leaving <a href="https://fosstodon.org/tags/ion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ion</span></a> – nothing against it, and it still seems cool, but I'm interested in moving back towards POSIX compliance)</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload