Feed digilinux.ru [copy] http://digilinux.ru/feed/ has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
Feed freepost [copy] https://freepo.st/rss/new has loading error: cURL error 6: Could not resolve host: freepo.st
Status update, May 2022
This was an exciting month: the Hare programming language is a secret no more! You can now try out the programming language I first teased over a year ago and tell me what you think. I hope you like it! I’m quite pleased with it so far.
One thing Hare has done is allow me to unshelve several projects which were blocked pending the availability of a suitable language to write them in. I have actually been working on several of these for a while now — and several more are to come later — but I couldn’t share them thanks to Hare’s policy of secrecy early in...
A Hare code generator for finding ioctl numbers
Modern Unix derivatives have this really bad idea called ioctl. It’s a function which performs arbitrary operations on a file descriptor. It is essentially the kitchen sink of modern Unix derivatives, particularly Linux, in which they act almost like a second set of extra syscalls. For example, to get the size of the terminal window, you use an ioctl specific to TTY file descriptors:
let wsz = rt::winsize { ... };
match (rt::ioctl(fd, rt::TIOCGWINSZ, &wsz: *void)) {
case let e: rt::errno =>
switch (e: int) {
case rt::EBADFD =>
return errors::invalid;
case rt::ENOTTY =>
return errors::unsupported;
case =>
abort("Unexpected error from ioctl");
};
case int =>
return ttysize {
rows = wsz.ws_row,
columns = wsz.ws_col,
};
};
This code performs the...
When will we learn?
Congratulations to Rust for its first (but not its last) supply-chain attack this week! They join a growing club of broken-by-design package managers which publish packages uploaded by vendors directly, with no review step, and ship those packages directly to users with no further scrutiny.
Timeline of major incidents on npm/Crates/PyPI/etc 2022-05-10: Cargo: rustdecimal ships with malicious code 2022-05-09: npm: foreach is taken over via an expired email domain 2022-03-17: npm: node-ipc ships malware targeting Russia and Belarus 2022-01-09: npm: colors and faker are deliberately sabotaged 2021-11-19: PyPI: 11 malicious packages discovered 2021-11-04: npm: rc ships malicious code 2021-11-04: npm: coa steals your passwords 2021-10-22: npm: ua-parser-js ships malicious code 2021-10-11: PyPI: mitmproxy2...Implementing an SSH agent in Hare
Cross-posted from the Hare blog
In the process of writing an SSH agent for Himitsu, I needed to implement many SSH primitives from the ground up in Hare, now available via hare-ssh. Today, I’m going to show you how it works!
Important: This blog post deals with cryptography-related code. The code you’re going to see today is incomplete, unaudited, and largely hasn’t even seen any code review. Let me begin with a quote from the “crypto” module’s documentation in the Hare standard library:
Cryptography is a difficult, high-risk domain of programming. The life and well-being of your users may depend on your ability to implement cryptographic applications with due care....
Announcing the Hare programming language
The “secret programming language” I have been teasing for several months now is finally here! It is called Hare, and you can read about it on the Hare blog:
https://harelang.org/blog/2022-04-25-announcing-hare/
Check it out!
2022-04-19
Suckless now has a dark mode CSS style for its pages. Surf also now has support for dark mode.
Status update, April 2022
This month marked my first time filing taxes in two countries, and I can assure you it is the worst. I am now a single-issue voter in the US: stop taxing expats! You can get some insight into the financials of SourceHut in the recently-published financial report. But let’s get right into the fun stuff: free software development news.
There was some slowdown from me this month thanks to all of the business and financial crap I had to put up with, but I was able to get some cool stuff done and many other contributors have been keeping things moving. I’ll start by introducing a new/old project:...
Announcing git snail-mail
You’ve heard of git-over-email thanks to git send-email — now you can enjoy git snail-mail: a new tool making it easier than ever to print out git commits on paper and mail them to your maintainers.
Running git snail-mail HEAD~2.. prepares the last two commits for post and sends them directly to the system’s default printer. Configuration options are available for changing printer settings, paper size, and options for faxing or printing envelopes automatically addressed to the maintainers based on address info stored in your git config. Be sure to help the maintainers review your work by including a return envelope and a stamp!
And for maintainers, code review...