I heard about CVE-2016-10229
earlier today. In a nutshell, it allows for arbitrary code execution via UDP
traffic if userspace programs are using
MSG_PEEK in their
recv calls. I
quickly updated my kernels and rebooted any boxes where necessary, but when I
read the discussions on this matter I saw people downplaying this issue by
MSG_PEEK is an obscure feature.
In the words of Doug Gwyn, “Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things”. C is a very powerful tool, but it is to be used with care and discipline. Learning this discipline is well worth the effort, because C is one of the best programming languages ever made. A disciplined C programmer will…
I have a number of long-term projects that I plan for on long timelines, on the order of decades or more. One of these projects is cozy, a C toolchain. I haven’t talked about this project in public before, so I’ll start by introducing you to the project. The main C toolchains in the “actually usable” category are GNU and LLVM, but I’m satisfied with neither and I want to build my own toolchain. I see no reason why compilers should be deep magic. Here are my goals for cozy:
C is my favorite language, though I acknowledge that it has its warts. I’ve tried looking at languages people hope will replace C (Rust, Go, etc), and though they’ve improved on some things they won’t be supplanting C in my life any time soon. I’ll share with you what makes C a great language to me. Take some of these things as inspiration for the next C replacement you write.
I’ve found myself explaining Python 3’s str to people online more and more often lately. There’s this ridiculous claim about that Python 3’s string handling is broken or somehow worse than Python 2, and today I intend to put that myth to rest. Python 2 strings are broken, and Python 3 strings are sane. The only problem is that you don’t grok strings.
I maintain a lot of open source projects. In order to do so, I have to effectively manage my time. Most of my projects follow this philosophy: if you want something changed, send a patch. If you are running into an annoying bug, fix it and send a patch. If you want a new feature, implement it and send a patch. It’s definitely a good idea to talk about it beforehand on the issue tracker or IRC, but don’t make the mistake of thinking this processes ends with someone else doing it for you.
Earlier today I released sway 0.11, which (along with lots of the usual new features and bug fixes) introduces support for security policies that can help realize the promise of a secure Wayland desktop. We also just started a bounty program that lets you sponsor the things you want done and rewards contributors for working on them.
Disclaimer: I am not a network engineer. That’s the point of this blog post, though - I want to share with non-networking people enough information about networking to get by. Hopefully by the end of this post you’ll know enough about networking to keep up with a conversation on networking, or know what to search for when something breaks, or know what tech to research more in-depth when you are putting together something new.