Bug-Catching “Smatch” Static Analysis On The Linux Kernel Under Threat Due To Funding Gap
For the past 15 years the Smatch static analysis tool has been routinely run for uncovering countless bugs within the Linux kernel. Dan Carpenter who authored Smatch and has been routinely analyzing the Linux kernel with it has authored more than 5,568 patches over the years to become one of the top bug fixers for the kernel. But his funding at Linaro has been cut and the project’s future now in question… ⌘ Read more
What I wanna know at this point @bender@twtxt.net is this; What is this “Notes” thing. Is it just a uugo static site you maintain or something else? 🤔 Did you write all the CSS yourself? 😅
Why Autonomous Infrastructure is the future: From intent to self-operating systems
Executive summary: We’re at an inflection point where AI-generated code meets AI-managed infrastructure, creating truly self-sustaining systems. This convergence transforms infrastructure from static pipelines to autonomous systems that build, govern, heal, and optimize themselves. Organizations have… ⌘ Read more
@prologic@twtxt.net That zs looks pretty cool! I love simple static site generators, and look forward to trying it on my next web site project. Kudos!
gomdn: Yet another Static Site Generator
Yet another Static Site Generator (SSG), but this one is mine.
It’s a stupidly simple Go program (wc says 229 lines), more like a
hack, really, but I don’t need something like Hugo. Most of the real
work is done by the goldmark package, of course. This is mostly just a
wrapper, deciding if something needs to be rebuilt.
I’ve been using a Perl script together with cmark (originally
Markdown.pl) since forever. And before that the old [txt2tags](htt … ⌘ Read more
setpriv on Linux supports Landlock.
@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.
I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.
jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.
(And this is finally a strong argument for static linking.)
setpriv on Linux supports Landlock.
Another example:
$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom
The first argument --landlock-access fs says that nothing is allowed.
--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).
--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.
The output of the ls-static program is this line:
─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.
3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.
Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:
─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
How can one write blazing fast yet useful compilers (for lazy pure functional languages)?
I’ve decided enough is enough and I want to write my own compiler (seems I caught a bug and lobste.rs is definitely not discouraging it). The language I have in mind is a basic (lazy?) statically-typed pure functional programming language with do notation and records (i.e. mostly Haskell-lite).
I have other ideas I’d like to explore as well, but mainly, I want the compiler to be so fast (w/ optimisations) that … ⌘ Read more
Pallene: a statically typed ahead-of-time compiled sister language to Lua, with a focus on performance
Comments ⌘ Read more
static site generators make website-ing so fun like i wanna do so much with my site now
that site of mine i mentioned earlier? well it’s now statically generated with astro, AND it automatically builds and deploys after i push changes to my own git instance, with the power of sourcehut builds! this is so cool
i got so emo about my site not being statically generated and instead hand coded but it’s like i don’t even know if i want that because i feel most SSGs are built for blogging and continuous posting and i don’t want that i just want to make my silly pages….
that being said, the one i’d use if i did switch to one would be astro and that one is so flexible i could really do anything with it including keeping my pages as is mostly without doing the blog stuff. idk! something to consider
made the HTML for one of my static handwritten sites semantic!
Lume 3 was released
After several months of work, I’d like to share with you the release of a new major of Lume, a static site generator for Deno. Apologies for the autopromotion 🙏
@movq@www.uninformativ.de LMAO the power of static pages!
So, the “AI” bots have reached my website. Looks like they’re just slowly crawling everything at the moment – no DDoS-like attack yet. I wonder if that has something to do with my website being 100% static HTML. There are no GET parameters they can tweak and, at the end of the day, there’s not that much data on my server anyway … And maybe they have no idea what stagit is, so it doesn’t trigger “standard behavior”, like “this is a Gitea instance, let’s crawl this like crazy!”?
Rack::Static Vulnerability Exposes Ruby Servers to Data Breaches!
Hold onto your keyboards, Ruby developers! 😱 A critical security flaw in the Rack::Static middleware has been uncovered, potentially…
[Continue reading on InfoS … ⌘ Read more
On my blog: Free Culture Book Club — Secrets in the Static https://john.colagioia.net/blog/2025/04/19/secrets-static.html #freeculture #bookclub
hello friends i spent a couple hours today using a random string generator by charm CLI called hotdiva2000 to make a script that 1) generates a static index.html page 2) the page is a prompt generator where all the prompts are from hotdiva2000!!!!!
this makes more sense if you look at it check it out
FOSDEM 2025
I recently attended the large Free and Open Source Software conference
FOSDEM 2025 in Brussels, Belgium. I went there by train, of course,
via Copenhagen, Hamburg, and Cologne. The same route back.
I lived in the rather expensive, allegedly fancy hotel Le Châtelain in
Brussels. It was really not that fancy, but they had a … ⌘ Read more
wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don’t know how!!!!! i keep drifting towards hosting panels but i don’t exactly have fresh linux servers for those nor do i like the level of access they require. so i’m like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH
granted i doubt i’d get much interest in dynamic sites but i’d like to do this old school where i can offer people isolated mySQL databases or something for some project (i’m thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn’t happening
Rucknium publicly releases all OSPEAD-related documents and code after 3+ years of research
Rucknium[1] has published all of the HackerOne[2] and CCS (M1-M2)[3] document and code submissions related to their Optimal Static Parametric Estimation of Arbitrary Distributions (OSPEAD)[4] project, after 3+ years of research:
The OSPEAD documents and code are being publicly released now because there is now an implementable solution to the problems I raised in my … ⌘ Read more
@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.
I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤
Oasis: a small, statically-linked Linux system
You might think the world of Linux distributions is a rather boring, settled affair, but there’s actually a ton of interesting experimentation going on in the Linux world. From things like NixOS with its unique packaging framework, to the various immutable distributions out there like the Fedora Atomic editions, there’s enough uniqueness to go around to find a lid for every pot. Oasis Linux surely falls into this category. One of its main … ⌘ Read more
Run Linux inside a PDF file via a RISC-V emulator
You might expect PDF files to only be comprised of static documents, but surprisingly, the PDF file format supports Javascript with its own separate standard library. Modern browsers (Chromium, Firefox) implement this as part of their PDF engines. However, the APIs that are available in the browser are much more limited. The full specification for the JS in PDFs was only ever implemented by Adobe Acrobat, and it contains some ridicul … ⌘ Read more
@prologic@twtxt.net I know! I know! 🤣 and it feels like I won’t be either, at least for a while … On the bright #Go side, I’m trying to switch everything (static web stuff and reverse-proxy) to #Caddy
Rucknium completes second milestone for OSPEAD CCS
Rucknium[1] has completed[2] the second milestone for their Optimal Static Parametric Estimation of Arbitrary Distributions (OSPEAD)[3] CCS proposal[4]:
The OSPEAD initial probability density function has been transmitted to the scientific review panel, which consists of ArticMine, isthmus, and hyc.
Read the full PGP signed message on Gitlab[2].
Consult the previous Monero Observer report[5](#fn: … ⌘ Read more
Noice!
"twtxtfeevalidator/0.0.1" UA about? I thought I could ask before throwing a 1000GB file at it 🪤 could it be the same 'xt' thing @lyse was talking about the other day?
@lyse@lyse.isobeef.org yep, I gave it a spin locally! I freaking love the cute logo and the UI is fiiiine 👌 my TUI browsers love it just as much …
@lyse@lyse.isobeef.org yeah! as long as it’s fun :D experimenting with it like picking up the camera every once in a while to point somewhere else, or in editing inserting more video in between the static angles, that could be fun!
@lyse@lyse.isobeef.org it’d be a blast to record too with my camcorder! i’d have to figure out positioning and stuff like you said but i could probably figure something out with a bit of testing :P yeah it probably does make the project itself longer than it should be but i feel like if you make it a cozy kinda “sew with me” video where people watch you sew and film it with a static angle instead of like, showing every step? i think that’d be nice even if a bit boring. so i could absolutely try that.
magnetic tape camcorders omg!!! mine is digital but i’d LOVE to get a tape camcorder
messing with gemini again, this time a static site generator called gssg - https://git.sr.ht/~gsthnz/gssg
my capsule is linked in my profile but just in case it’s over at gemini://lazuli.sayitditto.net
@prologic@twtxt.net Well I just mirrored yarnd’s JSON in my webfinger endpoint and lookup, so not much else to do for standardization.
And for people who don’t like PHP you can always just go with Added WebFinger support to my email address using one rewrite rule and one static file. or simply putting a static JSON in place for .well-known/webfinger
@2024-10-08T19:36:38-07:00@a.9srv.net Thanks for the followup. I agree with most of it - especially:
Please nobody suggest sticking the content type in more metadata. 🙄
Yes, URL can be considered ugly, but they work and are understandable by both humans and machines. And it’s trivial for any client to hide the URLs used as reference in replies/threading.
Webfinger can be an add-on to help lookup people, and it can be made independent of the nick by just serving the same json regardless of the nick as people do with static sites and as I implemented it on darch.dk (wf endpoint). Try RANDOMSTRING@darch.dk on http://darch.dk/wf-lookup.php (wf lookup) or RANDOMSTRING@garrido.io on https://webfinger.net
A playground for sharing scrappy fiddles
I shared some snippets of JavaScript in a recent blog post and was wicked irked that I didn’t have an easy way to share interactive code on my own thing…so… I made a totally static JavaScript playground for running little experiments and sharing scrappy fiddles!
It is pretty simple — it allows folks to enter and run JavaScript, includes a console so you can easily log thing … ⌘ Read more
From my bed, I can hear a noise outside that is most likely a confluence of insects and distant freight trains but sounds eerily like the static-laden cacophony of an old radio. I would go out to see what it is, but a small part of me is worried I might end up walking into an episode of “Are You Afraid of the Dark?” if I do.
@prologic@twtxt.net Yes I suppose that is true. There is an article on Tailscale’s site that explains it all quite a bit: https://tailscale.com/blog/how-nat-traversal-works
To me, with CGNAT, it’s a small miracle that a direct connection can be made between peers (as opposed to going through a relay constantly) but it does indeed work. I guess to host it at home you would need to have it WAN accessible, and if you’ve already gone to the trouble of port forwarding etc… well 😅
Not that I could personally do that, but for those with static IPs etc.
How AI enhances static application security testing (SAST)
Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.
The post How AI enhances static application security testing (SAST) appeared first on The GitHub Blog. ⌘ Read more
Status 2024-02-25
Status report again!
Sitting in front of the wood stove in my country cottage. It’s nice
and quiet. Meanwhile it seems NordicFuzzCon is going on in Malmö.
4,000 furries. I had no idea! That seems fun!
On the other hand I just read that at least 10,000 were protesting in
Malmö today against the Israel-Palestine conflict. I’ve seen the much
smaller protest … ⌘ Read more
How to Use 134 New Aerial Wallpapers in MacOS Sonoma
macOS Sonoma arrived with 134 new stunning wallpapers available that you can use to spruce up your Mac desktop background. The giant collection of new wallpapers are themed, with wallpaper options for landscapes, cityscapes, underwater, and Earth from space. Even better, these are not just static, they’re all animated wallpapers, meaning they will briefly move … [Read More](https://osxdaily.com/2024/02/19/how-to-use-134-new-aeri … ⌘ Read more
Laptop stand
We have a decent 3D printer (Prusa MK4) at dayjob so we printed some
foldable(!) laptop stands. Here they are:
Here’s my laptop on the stands:
It’s printed in PLA and printed in one piece! ⌘ Read more
MC in the US: OSFC, SF, Seattle, Microsoft
I attended the Open Source Firmware Conference (OSFC) on Oct 10-12 in
Sunnyvale, spent a long weekend in San Francisco, took a very long
train ride to Seattle, spent a week in the Seattle area, and held an
intimate talk at Microsoft. Managed to meet friends, drink some nice
beverages, and even see a show but came home with a heavy heart. Then
tried to relax in the cottage.
ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.
The post [ICYMI: improved C++ vulnerability coverage and CodeQL support … ⌘ Read more