flak rss random

some more books 1

There was a lot happening here. The summaries started getting really unwieldy. Just listing all the relevant names in some cases would stretch to several paragraphs. I’ve tried to streamline things a bit, but tons of great material has been cut out.

more...

Posted 24 Aug 2019 20:51 by tedu Updated: 24 Aug 2019 20:51
Tagged: bookreview

some gerc notes

gerc (good enough revision control) is a partial reimplementation of mercurial. Between got and bitbucket, it seems source control is back in the news. Here are some scattered notes about gerc and its development. It’s not complete or recommended for use, so don’t expect much.

more...

Posted 21 Aug 2019 15:50 by tedu Updated: 21 Aug 2019 15:50
Tagged: go programming project

some more books 0

Two years ago, I read some books. It’s kind of hard to believe it’s been two years since then; I was sure it was only one year ago. Guess that means it’s time to try again. Reading five books seemed a little frantic at times, and two or three is probably a better pace for me, so this time I’ll be reading five books again.

more...

Posted 12 Aug 2019 12:50 by tedu Updated: 12 Aug 2019 12:50
Tagged: bookreview

changing defaults and removing options

Times change and programs must change with them. Altering or removing functionality however risks breaking backwards compatibility. A few examples.

more...

Posted 08 Aug 2019 18:14 by tedu Updated: 08 Aug 2019 18:53
Tagged: openbsd programming

ActivityPub as it has been understood

If you’re looking to move beyond the silos of social media sites run by individual companies, you’re maybe looking for federation, which allows multiple sites to communicate and interoperate with each other. You post a photo on this site, your friends on another site can share it, your family on a third site can comment on it. Assuming that’s what you want.

more...

Posted 06 Aug 2019 15:54 by tedu Updated: 19 Aug 2019 15:56
Tagged: activitypub web

AP networking

Some more notes about networking between federated ActivityPub servers. A brief overview covered a fairly typical exchange to transfer a post from one server to another. Here’s a few more details, how following works, and some more notes about addressing and delivery.

more...

Posted 01 Aug 2019 14:17 by tedu Updated: 06 Aug 2019 15:29
Tagged: activitypub web

activity notes

So you have an ActivityPub actor and you want to say something. What are you going to post? Might I suggest a Note?

more...

Posted 17 Jul 2019 19:32 by tedu Updated: 06 Aug 2019 19:57
Tagged: activitypub web

Deconstruct 2019 day 2

The conference continues from day 1.

more...

Posted 13 Jul 2019 01:12 by tedu Updated: 13 Jul 2019 02:59
Tagged: event review software

Deconstruct 2019 day 1

Some notes from the first day of Deconstruct Conf 2019 which is an annual conference in Seattle organized and hosted by the eternally optimistic Gary Bernhardt.

more...

Posted 12 Jul 2019 00:14 by tedu Updated: 13 Jul 2019 01:13
Tagged: event review software

fixing telnet fixes

There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.

Here are three new lines, after the patch.

                unsigned int buflen = strlen(hbuf) + strlen(cp2) + 1;
		cp = (char *)malloc(sizeof(char)*buflen);
		snprintf((char *)cp, buflen, "%s%s", hbuf, cp2);

1. The first line is indented with spaces while the others use tabs.

2. The correct type for string length is size_t not unsigned int.

3. sizeof(char) is always one. There’s no need to multiply by it.

4. If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)

5. Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.

6. Return value of malloc is not checked for NULL.

7. No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?

8. The whole operation could be simplified by using asprintf.

9. Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.

Posted 11 Jul 2019 04:13 by tedu Updated: 11 Jul 2019 04:13
Tagged: c programming