When will we learn?
Congratulations to Rust for its first (but not its last) supply-chain attack this week! They join a growing club of broken-by-design package managers which publish packages uploaded by vendors directly, with no review step, and ship those packages directly to users with no further scrutiny.
Timeline of major incidents on npm/Crates/PyPI/etc
2022-05-10: Cargo: rustdecimal ships with malicious code
2022-05-09: npm: foreach is taken over via an expired email domain
2022-03-17: npm: node-ipc ships malware targeting Russia and Belarus
2022-01-09: npm: colors and faker are deliberately sabotaged
2021-11-19: PyPI: 11 malicious packages discovered
2021-11-04: npm: rc ships malicious code
2021-11-04: npm: coa steals your passwords
2021-10-22: npm: ua-parser-js ships malicious code
2021-10-11: PyPI: mitmproxy2...
Implementing an SSH agent in Hare
Cross-posted from the Hare blog
In the process of writing an SSH agent for Himitsu, I needed to implement many SSH primitives from the ground up in Hare, now available via hare-ssh. Today, I’m going to show you how it works!
Important: This blog post deals with cryptography-related code. The code you’re going to see today is incomplete, unaudited, and largely hasn’t even seen any code review. Let me begin with a quote from the “crypto” module’s documentation in the Hare standard library:
Cryptography is a difficult, high-risk domain of programming. The life and well-being of your users may depend on your ability to implement cryptographic applications with due care....
Announcing the Hare programming language
The “secret programming language” I have been teasing for several months now is finally here! It is called Hare, and you can read about it on the Hare blog:
https://harelang.org/blog/2022-04-25-announcing-hare/
Check it out!
2022-04-19
Suckless now has a dark mode CSS style for its pages. Surf also now has support for dark mode.
Status update, April 2022
This month marked my first time filing taxes in two countries, and I can assure you it is the worst. I am now a single-issue voter in the US: stop taxing expats! You can get some insight into the financials of SourceHut in the recently-published financial report. But let’s get right into the fun stuff: free software development news.
There was some slowdown from me this month thanks to all of the business and financial crap I had to put up with, but I was able to get some cool stuff done and many other contributors have been keeping things moving. I’ll start by introducing a new/old project:...
Announcing git snail-mail

You’ve heard of git-over-email thanks to git send-email — now you can enjoy git snail-mail: a new tool making it easier than ever to print out git commits on paper and mail them to your maintainers.
Running git snail-mail HEAD~2.. prepares the last two commits for post and sends them directly to the system’s default printer. Configuration options are available for changing printer settings, paper size, and options for faxing or printing envelopes automatically addressed to the maintainers based on address info stored in your git config. Be sure to help the maintainers review your work by including a return envelope and a stamp!
And for maintainers, code review...
It is important for free software to use free software infrastructure
Disclaimer: I founded a project and a company that focuses on free software infrastructure. I will elect not to name them in this post, and will only recommend solutions I do not have a vested interest in.
Free and open source software (FOSS) projects need infrastructure. Somewhere to host the code, to facilitate things like code review, end-user support, bug tracking, marketing, and so on. A common example of this is the “forge” platform: infrastructure which pitches itself as a one-stop shop for many of the needs of FOSS projects in one place, such as code hosting and review, bug tracking, discussions, and so on. Many projects will...
The Netherlands so far
I moved to Amsterdam in July 2021, and now that I’ve had some time to settle in I thought I’d share my thoughts on how it’s been so far. In short: I love it here!
I did end up finding housing through the hacker community thanks to my earlier post, which was a great blessing. I am renting an apartment from a member of the Techinc hacker space, which I have joined as a member myself. One of my biggest fears was establishing a new social network here in the Netherlands, but making friends here has been easy. Through this hacker space and through other connections besides, I...