cmeerw 2 months ago • 100%
at least you could keep their reviews so users could at least know if the app can be trusted.
You mean, don't trust a flatpak uploaded by a random person, but if there are enough fake reviews, it can be trusted?
cmeerw 2 months ago • 100%
No mention of Reflection which was passed to the Core Working Group for wording review, or senders/receivers (on the library side) which was actually voted into the working paper.
cmeerw 2 months ago • 100%
Huh? There is no such alternation between new features and feature freeze releases. In fact, C++26 will very likely get reflection as a major new feature. In comparison, the biggest core language feature in C++23 was probably "deducting this (explicit object member functions)".
The only thing that keeps Contracts out of C++26 is that they might not be finished in time (they'll need to be handed over from Evolution to Core by the February 2025 meeting, and then make it through Core review during the summer 2025 meeting).
cmeerw 2 months ago • 100%
... except when ISO delays publication of the standard.
cmeerw 3 months ago • 100%
Can anyone explain why there is such a huge difference in some of the benchmarks: Poll, Forking, CPU Cache, Semaphores, Socket Activity, Context Switching (all Stress-NG). Can we really trust these tests?
devblogs.microsoft.com
cmeerw 4 months ago • 100%
Depends on what semantic you want. Sure, if you use a unique_ptr member, you will get a deleted copy constructor/operator - I wouldn't consider that blowing up in my face.
cmeerw 4 months ago • 100%
And even the presented fix hurts my eyes. Should have used a unique_ptr or optional.
cmeerw 4 months ago • 100%
Yes, it's not Open Source, but I am not sure that's really relevant here. I see it more as a prototype implementation for something that could be standardised for C++.
cmeerw 4 months ago • 100%
The linked tweet links to the recording, but it has apparently also been uploaded to YouTube: https://youtu.be/5Q1awoAwBgQ
Anyone else noticing all those broken icons/images on this instance? e.g. https://programming.dev/pictrs/image/1e947440-0f0d-4768-ba4b-1480551e7cc9.png?format=webp&thumbnail=96 seems to result in something like "Request error: error sending request for url (http://pictrs:8080/image/process.webp?src=1e947440-0f0d-4768-ba4b-1480551e7cc9.png&thumbnail=96): error trying to connect: dns error: failed to lookup address information: Name or service not known"
Please take 10 minutes or so to participate! A summary of the results, including aggregated highlights of common answers in the write-in responses, will be posted publicly here on isocpp.org and shared with the C++ standardization committee participants to help inform C++ evolution. The survey closes in one week.
The NetBSD project is pleased to announce the eighteenth major release of the NetBSD operating system [NetBSD 10.0](https://cdn.netbsd.org/pub/NetBSD/NetBSD-10.0/)! See the [release announcement](https://www.netbsd.org/releases/formal-10/NetBSD-10.0.html) for details.
The NetBSD project is pleased to announce the fourth (and probably last) [release candidate](https://cdn.netbsd.org/pub/NetBSD/NetBSD-10.0_RC4/) of the upcoming 10.0 release, please help testing! See the [release announcement](https://www.netbsd.org/releases/formal-10/NetBSD-10.0.html) for details.
eu.chuwi.com
Anyone got any experience with running Linux on a Chuwi Freebook N100 yet?
This is a bug-fix release with no new features. * Changes in Specialized Modes and Packages in Emacs 29.2 * Tramp * New user option 'tramp-show-ad-hoc-proxies'. When non-nil, ad-hoc definitions are kept in remote file names instead of showing the shortcuts. * Incompatible Lisp Changes in Emacs 29.2 * 'with-sqlite-transaction' rolls back changes if its BODY fails. If the BODY of the macro signals an error, or committing the results of the transaction fails, the changes will now be rolled back.
Privacycmeerw 8 months ago • 100%
Also the location of known Wifi networks.
For RC3 only few (relatively) minor changes were made, including https certificate verification in libfetch (which is used by pkg_ad(1)), and also improvements to the EFI bootloader to better deal with booting from CD (or in virtual machines ISO images), plus lots of various bug fixes.
Programming
OpenD, a fork of D
cmeerw 9 months ago • 100%
Embracing the GC
I never actually liked the GC in D as it didn't seem to fit in with the general direction of the language, and Walter Bright in D at 20: Hits and Misses says:
Miss: Emphasis on GC
The NetBSD project is pleased to announce the second (and probably last) [release candidate](https://cdn.netbsd.org/pub/NetBSD/NetBSD-10.0_RC2/) of the upcoming 10.0 release, please help testing! See the [release announcement](https://www.netbsd.org/releases/formal-10/NetBSD-10.0.html) for details. The netbsd-10 release branch is more than a year old now, so it is high time the 10.0 release makes it to the front stage. This matches the long time it took for the development branch to get ready for branching, a lot of development went into this new release. This also caused the release announcement to be one of the longest we ever did.
Selfhosted
Linode Alternative Suggestions for Small Projects
cmeerw 9 months ago • 100%
There is also lowendspirit, but in both cases you have to be very careful what you buy - not everything that is advertised there will work as advertised or will work long-term
Selfhosted
Linode Alternative Suggestions for Small Projects
cmeerw 9 months ago • 100%
where they will double your monthly data limit for free when you comment your order number.
where they use you to spam the forum thread (for giving away something rarely anyone has any use for)
cmeerw 9 months ago • 100%
So they actually rewrote The Hurd in Rust.
Security Operations
Introducing SMTP Smuggling: A novel technique for spoofing e-mails
cmeerw 9 months ago • 100%
Prepare for a humongous inrush of spam before servers patch this one.
But it's already patched by GMX and Microsoft.
As far as I understand it, it doesn't affect single mail servers, but only mail systems where you have separate inbound and outbound servers and the outbound servers trust the data they get from the inbound servers.
Security Operations
Introducing SMTP Smuggling: A novel technique for spoofing e-mails
cmeerw 9 months ago • 100%
Not sure how many get the joke in "Figure 23: Typical Austrian reaction after receiving a spoofed e-mail":
OIDA
😂
cmeerw 9 months ago • 80%
There is no reason to “hate” Ubuntu but there are better choices.
What are those better choices then (for those who currently use the non-LTS Ubuntu releases and don't want to move to rolling releases or LTS-only releases)?
cmeerw 9 months ago • 75%
I still think Ubuntu is the best option (particularly if you want to use the non-LTS releases)
Having said that I do hate snaps and also dislike flatpaks. So what I do is just use the Firefox deb package from the PPA and the chromium package from Linux Mint. Oh, and I have actually replaced ubuntu-advantage-tools with a no-op dummy package.
Linux
Can one recover from an accidental rm -rf of system directories by copying those files back in from a backup?
cmeerw 9 months ago • 100%
Only issue is they’re stored in my server as belonging to the server user (I assume everything in those directories should belong to root and I can just use chown?) But I also don’t know if they retain the same permissions when backed up.
Not everything will be owned by root, and some of the binaries will be setuid or setgid, some might even have extended attributes (e.g. ping will usually have a security.capability attribute). /var will also have a lot of different owners.
Selfhosted
XMPP Server?
cmeerw 10 months ago • 33%
Open Source
Gitea launches cloud service to provide a secure alternative to GitHub and GitLab
cmeerw 10 months ago • 96%
"secure alternative"? Others are not secure?
Programming
What's the biggest change you would like to see in computing/tech?
cmeerw 10 months ago • 100%
Pretty much anything that's only available via an app store. The difference with web apps is that I can also use them on a laptop/PC and I have a bit more control about tracking (by using ad/tracking blockers).
Programming
What's the biggest change you would like to see in computing/tech?
cmeerw 10 months ago • 96%
not being forced to have an Android or Apple smartphone, so more open standards and just Web apps instead of proprietary apps
cmeerw 11 months ago • 100%
replaced it myself - it's not actually that difficult to do
cmeerw 11 months ago • 100%
I actually replaced the display twice already (got a replacement from Aliexpress for around $16) - first time because the touchscreen failed and second time because I smashed it.
cmeerw 11 months ago • 100%
Sony z3c with FirefoxOS and a Samsung A5 with Tizen
Linux
The Paperweight Dilemma: Original Pinephone might lose future kernel updates if devs can't pay down tech debt
cmeerw 11 months ago • 100%
And mainline Linux and a Linux Desktop is still struggling today with power management. Like getting chat messages while it’s asleep.
And the really sad thing is that the power management improvements devs have been working on for the PinePhone are really very specific to that particular device and don't help mobile Linux in general (so it's basically wasted effort).
cmeerw 11 months ago • 100%
P1967R11 #embed - a scannable, tooling-friendly binary resource inclusion mechanism might make it into C++26
Selfhosted
Best free/cheap web host for DIY email
cmeerw 11 months ago • 100%
I use them as IMAP storage for a few mailing lists I am subscribed to (but not for my main emails), but they do reject legitimate emails from time to time (not often, but it does happen - and those emails don't show up in "Spam" or any logs).
cmeerw 11 months ago • 100%
similar thing with requires requires { ...
and you can nest it even further: requires requires { requires ...
Selfhosted
Best free/cheap web host for DIY email
cmeerw 11 months ago • 100%
I have had pretty good experience with hosting an email server on AlphaVPS, InceptionHosting and just now GreenCloudVPS.
GreenCloudVPS currently have a promotion until Sunday, and there are usually promotions around Black Friday on LowEndSpirit and LowEndTalk
cmeerw 11 months ago • 100%
Only public keys get exchanged via Meta's servers, those keys don't help you with trying to decrypt any messages (you need the corresponding private key to decrypt - and that private key stays on the device).
Sure, they could just do a man in the middle, but that can be detected by verifying the keys (once, via another channel).
cmeerw 11 months ago • 100%
Maybe so, but in this case the point was that the protocol used by WhatsApp hasn't changed in that time and it's still what they describe in their security whitepaper. If you want to use that software as is or maybe reimplement it based on that is up to you.
cmeerw 11 months ago • 100%
Governments, if they want, can decrypt any chat
Any source for that claim?
cmeerw 11 months ago • 83%
In a subpoena case in India, that turned out to be not true.
Source please.
WhatsApp admins hold keys to being able to do that under law pressure.
How do they get the keys?
They only guarantee it for 1-1 messages and statuses, and against “generic” actors for group chats…
Who is "they"?
cmeerw 11 months ago • 100%
Group chats are also end-to-end encrypted in WhatsApp (so any monitoring would need to be done in cooperation with one of the participants' devices before encryption or after decryption)
cmeerw 11 months ago • 100%
declassified internal FBI document I just linked
don't see any such link
cmeerw 11 months ago • 100%
It still works (with a few minor updates).
cmeerw 12 months ago • 100%
yowsup is an Open Source implementation of the WhatsApp protocol. So there is proper end-to-end encryption on the protocol level - that would only leave the possibility of having a backdoor in the "official" WhatsApp client, but none has been found so far. BTW, people do actually (try to) decompile the WhatsApp client (or the WhatsApp Web client which implements the same protocol and functionality) and look what it is doing.
For anyone really curious, it's not too difficult to hook into the WhatsApp Web client with your web browsers Javascript debugger and see what messages are sent.
cmeerw 12 months ago • 100%
It’s no secret that WhatsApp adopted Signal’s encryption protocol just before Meta acquired them, but since it’s all closed source we don’t know if they’ve changed anything since the announcement in 2016 that all forms of communications on WhatsApp are now encrypted and rolled out.
There is an Open Source implementation of the WhatsApp protocol: yowsup
after some unusual rough days for the netbsd-10 branch last week, we now have a state that is building fine again and all tests look as expected. We also made great progress on the icky DRM/KMS issues and overal stability. The tricky pullups are done (thanks to everyone who helped with it), and package builds are going - so now it looks like we will be able to switch from BETA to release candidate state soonish. See [https://wiki.netbsd.org/releng/netbsd-10/](https://wiki.netbsd.org/releng/netbsd-10/) for the current list of bad bugs we are facing and the amount we dealt with already. Quite a lot of the DRM/KMS releated ones are in feedback state and have just been pinged - hopefully more of them will be closed soonish. Realistically this is close to as good as we will get the branch for a 10.0 release - so we are now looking at a release date very early in october.
Not sure what others are doing to use Ubuntu (23.04) without snaps, but this is what I am doing: - for Firefox I found a guide [here](https://balintreczey.hu/blog/firefox-on-ubuntu-22-04-from-deb-not-from-snap/) - for chromium I am actually using the Linux Mint packages (which work absolutely fine), and I have just set up a small repository I can add to apt: ``` deb [arch=amd64 allow-insecure=yes] http://snapless.cmeerw.net victoria upstream ``` - this just syncs from Linux Mint and only republishes chromium in the Packages file (with downloads redirected to a Linux Mint mirror). BTW, I am not signing these... What are others doing?
pure GTK front-end, built-in support for the massively popular Language Server Protocol via eglot, and built-in support for TreeSitter.
* [NetBSD-SA2023-006](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-006.txt.asc) KDC-spoofing in pam_krb5 * [NetBSD-SA2023-005](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-005.txt.asc) su(1) bypass via pam_ksu(8) * [NetBSD-SA2023-004](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-004.txt.asc) procfs environ exposure * [NetBSD-SA2023-003](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-003.txt.asc) Structure padding memory disclosures * [NetBSD-SA2023-002](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-002.txt.asc) Various compatibility syscall memory access issues * [NetBSD-SA2023-001](https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-001.txt.asc) Multiple buffer overflows in USB drivers-----
Just noticed that on my (low-end) laptop I get fairly high CPU usage from the browser tab for https://programming.dev So thought I look what it's doing via Chromium's DevTools and there is a constant stream of activity. Looking at the websocket messages, it looks like it's syncing all messages from the server (even for communities I am not subscribed to) to my browser tab (probably every time I reload the page?) Seriously, that can't be how it's supposed to work - and certainly won't scale? What is going on? Any ideas? Just one random message from the Websocket (and I am certainly not subscribed to "animals"): ``` { "post_view": { "post": { "id": 85854, "name": "Happy sunday from those two sunshines", "url": "https://feddit.de/pictrs/image/af5f9c55-a257-46a5-8f5b-01a19b13239f.jpeg", "body": "I will try not to overload this community with pictures of the guinea pig gang, but I can't promise anything.", "creator_id": 34228, "community_id": 350, "removed": false, "locked": false, "published": "2023-06-18T10:36:43.876949", "updated": null, "deleted": false, "nsfw": false, "embed_title": null, "embed_description": null, "embed_video_url": null, "thumbnail_url": "https://beehaw.org/pictrs/image/aaaefb47-ab90-418f-814b-c63086b746f8.jpeg", "ap_id": "https://feddit.de/post/908703", "local": false, "language_id": 0, "featured_community": false, "featured_local": false }, "creator": { "id": 34228, "name": "November", "display_name": null, "avatar": "https://feddit.de/pictrs/image/ad41ccb1-9fb7-4615-bea4-9dafa4a3cc20.jpeg", "banned": false, "published": "2023-06-12T05:45:00.284014", "updated": null, "actor_id": "https://feddit.de/u/November", "bio": null, "local": false, "banner": null, "deleted": false, "inbox_url": "https://feddit.de/u/November/inbox", "shared_inbox_url": "https://feddit.de/inbox", "matrix_user_id": null, "admin": false, "bot_account": false, "ban_expires": null, "instance_id": 6 }, "community": { "id": 350, "name": "animals", "title": "Animals and Pets", "description": "Pretty self explanatory. Post animals, post pets, post stuff about animals and pets!\n\n---\n\nThis community's icon was made by Aaron Schneider, under the [CC-BY-NC-SA 4.0 license](https://creativecommons.org/licenses/by-nc-sa/4.0/).", "removed": false, "published": "2023-06-06T23:15:43.737680", "updated": "2023-06-16T19:33:12.626731", "deleted": false, "nsfw": false, "actor_id": "https://beehaw.org/c/animals", "local": false, "icon": "https://beehaw.org/pictrs/image/fc62ef62-657e-4ab8-ae33-b32cc20e4dc0.png", "banner": null, "hidden": false, "posting_restricted_to_mods": false, "instance_id": 5 }, "creator_banned_from_community": false, "counts": { "id": 30595, "post_id": 85854, "comments": 13, "score": 64, "upvotes": 64, "downvotes": 0, "published": "2023-06-18T10:36:43.876949", "newest_comment_time_necro": "2023-06-18T23:01:59.286120", "newest_comment_time": "2023-06-18T23:01:59.286120", "featured_community": false, "featured_local": false, "hot_rank": 34, "hot_rank_active": 80 }, "subscribed": "NotSubscribed", "saved": false, "read": false, "creator_blocked": false, "my_vote": null, "unread_comments": 13 } } ```
first few C++26 core language features have been voted into the C++ Working Draft at the Varna meeting: * P2738R1 constexpr cast from void*: towards constexpr type-erasure * P2741R3 User-generated static_assert messages * P2169R4 A nice placeholder with no name