The full write-up can be found here and should be fairly readable for users of this forum.

Some quotes that I thought were interesting:

With a heap corruption as a primitive, two FILE structures malloc()ated in the heap, and 21 fixed bits in the glibc’s addresses, we believe that this signal handler race condition is exploitable on amd64 (probably not in ~6-8 hours, but hopefully in less than a week). Only time will tell.

So 64-bit systems seem to be a bit more resistant to this it seems? But I can’t be completely sure given how much I’ve read about this yet.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges. We have not investigated any other libc or operating system; but OpenBSD is notably not vulnerable, because its SIGALRM handler calls syslog_r(), an async-signal-safer version of syslog() that was invented by OpenBSD in 2001.

It seems that non glibc-based systems also could be vulnerable, but they have not yet tried to demonstrate it yet (or have tried and not been successful).

And OpenBSD wins again it seems.

I would vote for docker as well. The last time I had to inherit a system that ran on virtual machines, it was quite a pain to figure out how the software was installed, what was where in the file system, and where all the configuration was coming from. Replicating that setup took months of preparation.

By contrast, with Docker, all your setup is documented. The commands that were used to install our software into the virtual machines and were long gone are present right there in the Docker file. And building the code? An even bigger win for Docker. In the VM project, the build environment for the C++ portion of our codebase was configured by about a dozen environment variables, none of which were documented. If it were built in Docker, all the necessary environment variables would have been right there in the build environment. Not to mention the build commands themselves would be there too, whereas with VMs, we would often have developers build locally and then copy it into the VM, which was terrible for reproducibility and onboarding new developers.

That said, this all comes down to execution - a well-managed VM system can easily be much better than a poorly managed Docker system. But in general, I feel that Docker tends to be easier to work with than a VM. While Docker is far from flawless, there are a lot more things that can make life harder with VMs, at least from my experience.

Just in case this comment didn’t make it explicitly clear, you can just invoke the python binary inside your venv directly and it will automatically locate all the libraries that are installed in your virtual environment.

To show how this works, you can look at the sys.path variable to see which paths python will search for modules when you run import statements. Try running python3 -c 'import sys; print(sys.path)' using your system python, and you will only see system python library paths. Then, try running it again after replacing python3 with the full path to the python3 binary in your venv, and you will see an additional entry in the output with the lib directory in your venv, which shows that python will also look there for modules when an import statement is executed.

From my reading, it sounded like there was some controversy around whether it was ready to be merged it not. It sounded like some people felt that it wasn’t ready, but Linus decided to overrule them and merge it, saying it was ready enough and that merging it would help them improve it more rapidly.

Don’t worry everyone, I’m here to help:

Mail

Garbage

Outlook

Hot Garbage

Outlook (new)

Shit-tier garbage

Glad to be of service! Until next time…

I only briefly dabbled with Arch >10 years ago. But it has always been evident that it is an incredibly powerful distro. The fact that its wiki is so extensive is a testament to how much people are using it. The problem it has always had is that most companies tend to support other ones (Debian, Ubuntu, Red Hat/Fedora, Alpine), so it never really had any corporate love. With Valve’s backing, we can see just how widespread Arch could be if it had more money behind it.

Not that this is necessarily a good thing of course. Look at how money has corrupted Ubuntu and Red Hat. All I want to point out is that it can do anything that the most well-supported distros try to do. And the fact that it has done so without any corporate support is a true testament to how powerful it is.

This is quite cool. I always find it interesting to see how optimization algorithms play games and to see how their habits can change how we would approach the game.

I notice that the AI does some unnatural moves. Humans would usually try to find the safest area on the screen and leave generous amounts of space in their dodges, whereas the AI here seems happy to make minimal motions and cut dodges as closely as possible.

I also wonder if the AI has any concept of time or ability to predict the future. If not, I imagine it could get cornered easily if it dodges into an area where all of its escape routes are about to get closed off.

This is quite cool and a very interesting read. I’m not sure if it’s something I would want to use in a real project, because it looks like you’re basically inventing a new language within Python’s type system itself, which is a little weird. That said, I feel like I learned a lot from reading this, and it was a very interesting demonstration of what you can do with Python’s type-checking system.

Xournal - a great way to draw on pdfs

There is no way to make a network request faster than a function call.

Apologies in advance if this it too pedantic, but this isn’t necessarily true. If you’re talking about an operation call that takes ~seconds to run, then the network overhead is negligible. And if you need specialized hardware for it, then it definitely could be delegate it out to a separate machine over the network. Examples could include requiring a GPU, more RAM, or even a faster CPU if your main application is running on more power-efficient CPUs.

I’m not saying that this is true in every case - they are definitely niche cases. But I definitely wouldn’t say that network requests are never faster than local function calls.

Agreed on all points. I think some of the issues that you’re facing are things that would be resolved if Ocaml were more popular. But some others would be harder to fix without making breaking changes to the language as I mentioned earlier. If I had to put it as succinctly as possible, I’d say that the language just needs a lot more polish which would probably happen if it were more mainstream. But not all languages have to be mainstream, and maybe Ocaml’s purpose in the world is, as you put it, to inspire other languages. It is definitely extremely good at that!

No one has said Ocaml yet, so I will. It’s not a perfect language, but it has a lot of cool ideas and concepts. It’s a functional language, but allows you to write imperative code when you want to. Algebraic data types and type matching are built natively into the language and work very nicely. It’s type inference capabilities are very powerful (though that can backfire at times), and the |> operator is really, really fun to use. It also has very powerful module/functor capabilities, though they go a bit over my head since I haven’t had a chance to play with them. Also, Opam is a very powerful package manager and it’s pretty easy to wrap/bind external libraries with it.

I’d love to see some improvements to the language - the syntax is a bit confusing and ugly at times (but this unfortunately can’t be fixed without breaking the language of course) - but overall I think I’d have a lot more fun programming in Ocaml than what I do in my day job.

Those documentaries are great findings (and really really interesting). I would highly suggest posting them to the channel (or I would be happy to if you don’t mind)

And ofc, Microsoft is well aware and is not interested in letting that happen.

This is true, but there are only so many times that they can pull off what they did in Munich. If enough cities keep trying at this, there’s no way they’re going to be able to hold the floodgates back forever.

I’m usually a pessimist, but stories like this actually do get my hopes up

I’m really curious to know which version of KDE Microsoft was copying that gave them the idea to insert ads in the first place…

Win98 had themes, and they were absolutely fantastic!!

Opt in??! Before you know it, you’re going to suggest that we start to respect our users!!

Agreed, Linux is quite popular in academia, particularly in any technical field. A lot of scientific software has to run on Linux because of supercomputers, and especially a lot of open source software is Linux only. So a lot of students run Linux for convenience, and a lot of computer labs run Linux as well. Of course, there’s also the fact that lots of people just think Linux is better than the alternatives, and they’re more likely to try new things when they’re at a university student’s age.

So I feel like that would probably be a significant contribution to the 2% that’s being reported

Just updated on void and saw the same thing

My advice would be to learn C first (or at least develop a good understanding of it). It’s extremely important to understand how memory works in C so that you can understand pointers in C++; and also important to understand how functions work so you can understand classes and methods in C++. I would go through The C Programming Language. It’s fairly concise and while you don’t have to go through it cover to cover, you should at least understand the chapters on structs, pointers and functions (up to chapter 6, I believe).

(Note that the wikipedia link that I posted above has a link to the full text of the book in pdf format.)

The reason why I think it’s important to understand C is because when you learn C++, then you’ll understand how the language abstracts over a lot of the lower-level functionality in C. new in C++ supplants malloc in C for example, and your understanding of functions in C will map to more complicated concepts like constructors, destructors, copies, methods, and operators in C++. At this point, I would probably start learning how classes in C++ work. They’re basically structs with private member variables and methods defined in the scope of the class. learncpp.com, is the best reference that I’m aware of (it’s very thorough, which makes for a pretty slow read, but you’ll understand it very well). I would probably start with chapter 14 (introduction to classes), and then go back to the earlier chapters to fill in the gaps, but this is more dependent on how you think you learn best.

Be aware though, that if you don’t have existing experience with OO development, then C++ is (in my opinion) not a great language to start learning it, because a lot of it is hacked on top of C and implemented in arcane ways in order to maintain compatibility with C. The first language I learned was Java, and it was really helpful to have that as a background for when I learned C/C++. I’m only familiar with Javascript on a procedural programming level, so I’m not aware of its OO functionality or how well that will translate to C++, but hopefully it works out.

Good luck!