bleh
A few weeks ago, the maintainer of a project on SourceHut stepped down from their work, citing harassment over using SourceHut as their platform of choice. It was a difficult day when I heard about that.
Over the past few weeks, I have been enduring a bit of a depressive episode. It’s a complex issue rooted in several different problems, but I think a major source of it is the seemingly constant deluge of hate I find myself at the receiving end of online. I had to grow a thick skin a long time ago, but lately it has not been thick enough. I am finding it...
Google has been DDoSing SourceHut for over a year
Just now, I took a look at the HTTP logs on git.sr.ht. Of the past 100,000 HTTP requests received by git.sr.ht (representing about 2½ hours of logs), 4,774 have been requested by GoModuleProxy — 5% of all traffic. And their requests are not cheap: every one is a complete git clone. They come in bursts, so every few minutes we get a big spike from Go, along with a constant murmur of Go traffic.
This has been ongoing since around the release of Go 1.16, which came with some changes to how Go uses modules. Since this release, following a gradual ramp-up in traffic as the release was...
Status update, May 2022
This was an exciting month: the Hare programming language is a secret no more! You can now try out the programming language I first teased over a year ago and tell me what you think. I hope you like it! I’m quite pleased with it so far.
One thing Hare has done is allow me to unshelve several projects which were blocked pending the availability of a suitable language to write them in. I have actually been working on several of these for a while now — and several more are to come later — but I couldn’t share them thanks to Hare’s policy of secrecy early in...
A Hare code generator for finding ioctl numbers
Modern Unix derivatives have this really bad idea called ioctl. It’s a function which performs arbitrary operations on a file descriptor. It is essentially the kitchen sink of modern Unix derivatives, particularly Linux, in which they act almost like a second set of extra syscalls. For example, to get the size of the terminal window, you use an ioctl specific to TTY file descriptors:
    let wsz = rt::winsize { ... };
    match (rt::ioctl(fd, rt::TIOCGWINSZ, &wsz: *void)) {
    case let e: rt::errno =>
        switch (e: int) {
        case rt::EBADFD =>
            return errors::invalid;
        case rt::ENOTTY =>
            return errors::unsupported;
        case =>
            abort("Unexpected error from ioctl");
        };
    case int =>
        return ttysize {
            rows = wsz.ws_row,
            columns = wsz.ws_col,
        };
    };
This code performs the...
When will we learn?
Congratulations to Rust for its first (but not its last) supply-chain attack this week! They join a growing club of broken-by-design package managers which publish packages uploaded by vendors directly, with no review step, and ship those packages directly to users with no further scrutiny.
Timeline of major incidents on npm/Crates/PyPI/etc
2022-05-10: Cargo: rustdecimal ships with malicious code
2022-05-09: npm: foreach is taken over via an expired email domain
2022-03-17: npm: node-ipc ships malware targeting Russia and Belarus
2022-01-09: npm: colors and faker are deliberately sabotaged
2021-11-19: PyPI: 11 malicious packages discovered
2021-11-04: npm: rc ships malicious code
2021-11-04: npm: coa steals your passwords
2021-10-22: npm: ua-parser-js ships malicious code
2021-10-11: PyPI: mitmproxy2...
Implementing an SSH agent in Hare
Cross-posted from the Hare blog
In the process of writing an SSH agent for Himitsu, I needed to implement many SSH primitives from the ground up in Hare, now available via hare-ssh. Today, I’m going to show you how it works!
Important: This blog post deals with cryptography-related code. The code you’re going to see today is incomplete, unaudited, and largely hasn’t even seen any code review. Let me begin with a quote from the “crypto” module’s documentation in the Hare standard library:
Cryptography is a difficult, high-risk domain of programming. The life and well-being of your users may depend on your ability to implement cryptographic applications with due care....
Announcing the Hare programming language
The “secret programming language” I have been teasing for several months now is finally here! It is called Hare, and you can read about it on the Hare blog:
https://harelang.org/blog/2022-04-25-announcing-hare/
Check it out!