There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

PSA: There’s New Character Bug That Can Cause iPhones to Crash
There is a new character bug that can result in a respring on the iPhone or iPad, reports TechCrunch. Typing “”:: in the search field after swiping over to the App Library will cause the Springboard to reset, dropping you back at the ‌iPhone‌’s Lock Screen. A respring is not a full reset, and it only … ⌘ Read more

From object transition to RCE in the Chrome renderer
In this post, I’ll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post From object transition to RCE in the Chrome renderer appeared first on The GitHub Blog. ⌘ Read more

@bender@twtxt.net Is it so maxed out you couldn’t fit a pretty small program like Headscale on it? Headscale by itself and only personal home type use as far as amount of peers go, it really isn’t noticeable I don’t think resource-wise. The Docker version I guess could be a different story.

chronod on Mac – High CPU Use & Network Access Requests Explained
Some Mac users occasionally discover the ‘chronod’ process in MacOS is either consuming a large amount of system resources, or is requesting access to network connections. Sometimes chronod is flagged by overly zealous anti-virus apps as well. While there are plenty of people who ignore this kind of thing, another curious type of Mac user … [Read More](https://osxdaily.com/2024/07/25/chronod-on-m … ⌘ Read more

So dissatisfied and disappointed with the Fairphone 4’s audio issues where during phone calls, the receiver only gets half of the messages due to noise cancellation problems, that we’re considering iPhone as a valid “it just works” replacement. Especially since the iPhone15 now also has the USB Type C port.

Go singlefight 源碼詳解
寫在前面 通俗的來說就是 singleflight 將相同的併發請求合併成一個請求，進而減少對下層服務的壓力，通常用於解決緩存擊穿的問題。詳解基礎結構—-golang.org/x/sync/singleflight singleflight 結構體：type call struct { wg sync.WaitGroup // 這些字段在 WaitGroup 結束前寫入一次 // 只有在 W ⌘ Read more

** The story of life **
Or at least the story of life as I implemented it in swift recently as a little learning project because I haven’t written any swift since walking away from mobile dev a few years ago (no regrets)!

First there was the universe! Well, first there was some requisite boilerplate, but then there was the universe! A 2 dimensional grid, an array of 10 columns and 10 rows.

”`hljs swift
import Foundation

let rows: IntRead more”`

在 Go 中如何讓結構體不可比較？
最近我在使用 Go 官方出品的結構化日誌包 slog 時，看到 slog.Value 源碼中有一個比較好玩的小 Tips，可以限制兩個結構體之間的相等性比較，本文就來跟大家分享下。在 Go 中結構體可以比較嗎？在 Go 中結構體可以比較嗎？這其實是我曾經面試過的一個問題，我們來做一個實驗：定義如下結構體：type Normal struct { a string B int}使用這個結構體分別聲明 ⌘ Read more

Go: 深入探究 uintptr 類型
Go 語言作爲一種靜態類型、編譯型語言，其獨特的類型系統爲編程提供了強大的支持。在衆多類型中，uintptr 是一個較爲特殊的類型，它用於存儲指針值的整數表示。本文將詳細介紹 uintptr 的概念、使用場景及其與普通指針類型的區別。uintptr 的定義與特性在 Go 語言中，uintptr 是一個無符號整數類型，其大小足以存儲任意指針的位模式。具體來說，uintptr 的定義如下：type u ⌘ Read more

Apple’s Phone App Finally Supports T9 Dialing in iOS 18
T9 dialing, or Text on 9 keys, is a predictive text technology that emerged in the 90s to make it easier to type text messages on devices with limited input options, such as traditional mobile phones with numeric keypads. Each number key (2-9) on a T9 keypad is mapped to a set of letters. For example, the key “2” corresponds to “ABC,” “3” to “DEF,” and so on.

![](https://images.macrumors.com/article-new/2024/06/t9-dialing-phone-keypad-ios- … ⌘ Read more

I just typed something that took me a while to enter, hit post, and lost everything because I was logged out. Can that be disabled? Let me be logged in for as long as I want (or for a very long time), unless I hit logout, or account for the previously entered text, and present it (or run the post action), after having to re-login?

Go 中空結構體的用法，我幫你總結全了！
在 Go 語言中，空結構體 struct{} 是一個非常特殊的類型，它不包含任何字段並且不佔用任何內存空間。雖然聽起來似乎沒什麼用，但空結構體在 Go 編程中實際上有着廣泛的應用。本文將詳細探討空結構體的幾種典型用法，並解釋爲何它們在特定場景下非常有用。空結構體不佔用內存空間首先我們來驗證下空結構體是否佔用內存空間：type Empty struct{}var s1 struct{}s2 := E ⌘ Read more

全面解析 Go 語言 Channel：面試必備知識點
一、channel 的整體結構圖1、channel 結構圖 channel 本質是一個 hchan 這個結構體 type hchan struct { buf unsafe.Pointer // points to an array of dataqsiz elements sendx uint // send index recvx uint ⌘ Read more

There are apparently dedicated “fireproof” external hard drives available that do this, and this coincidentally-timed piece suggests I might be able to get closer to what I was thinking in the not-too-distant future: https://www.pcgamer.com/hardware/ssds/researchers-have-developed-a-type-of-flash-memory-storage-that-can-withstand-temperatures-higher-than-the-surface-of-venus/

Go 線程同步
線程同步—-通常在 Go 語言中有兩種方法可以用來做線程同步sync.Cond channel channel 的很好理解，當我們從一個 channel 中接收數據的時候，如果裏面沒有數據，那我們直接就阻塞在那裏了；在這篇文章中就來看看怎麼使用 sync.Cond 完成同步sync.Cond———「定義結構體和方法」type BlueberryInt struct { ⌘ Read more

DSGW-130: A Voice-Control Enabled Touchscreen Control Panel for Smart Homes
DSGW-130: A Voice-Control Enabled Touchscreen Control Panel for Smart Homes
The DSGW-130 Zigbee Touch Screen Control Panel by Dusun is a compact device designed for smart home automation. Measuring 86mm by 86mm, it fits into an 86-type junction box, replacing traditional wall switches. It supports Zigbee 3.0, facilitating the integration and management of Zigbee devices into smart homes. ⌘ Read more

Gorm 源碼解析
我們先通過一張圖來看 Gorm 核心主流程。gorm 主流程1. 初始化 DB 連接—————-使用 database.sql 初始化連接。我們平時所說的數據庫驅動其實就是每個數據庫對 DSN 不同的解析方式，最終底層都是使用的 TCP 建立起數據庫連接。type Connector interface { Connect(context.Context) (Conn, err ⌘ Read more

cum catano!

Image

What do Blue Underlines on Text Mean in Microsoft Edge?
If you use Microsoft Edge as your web browser, whether for free GPT 4 access or and DALL-E use, for cross-platform syncing, or any other reason, you may have noticed that you will often see blue underlined text when you’re typing within the browser. If you’re like me, you’re probably wondering what on earth the … Read More ⌘ Read more

What’s a PXM File & How Do You Open It?
File types and file formats can be a bit of a mystery, especially when you stumble into a file that you don’t necessarily recognize. One such case that you may come across is a file that has a .pxm file extension, and if you haven’t heard of a PXM file before you understandably might be … Read More ⌘ Read more

Go 1-22 的新增功能系列之一：cmp-Or
截至撰寫本文時，Go 1.22 已經發布幾個月了。早就該結束我爲 1.22 所做的工作的系列了。抱歉耽擱了這麼久，我最近忙於生活事務。如果您錯過了我關於 reflect.TypeFor(https://blog.carlana.net/post/2024/golang-reflect-type-for/) 和 slices.Concat(https://blog.carlana.net/post/ ⌘ Read more

訪問 Golang 私有函數、方法、類型和變量
本文譯自 Yarden Laifenfeld 的 Accessing Private Functions, Methods, Types and Variables in Go https://medium.com/@yardenlaif/accessing-private-functions-methods-types-and-variables-in-go-951acccc05a6你 ⌘ Read more

深入 Go interface: Duck Typing 和多態
Duck Typing鴨子類型（Duck Typing）是一種編程概念，關鍵在於根據對象的行爲來確定其類型。通常的解釋是通過一個巧妙的例子：根據對象的行爲來判斷它是否是一隻鴨子。如果它游泳像鴨子、嘎嘎叫像鴨子，那麼它就可以被認爲是一隻鴨子。動態語言如 Python 和 JavaScript 自然支持這種特性，但與靜態語言相比，動態語言缺乏重要的類型檢查。Go 語言的接口設計與鴨子類型概念密切相關， ⌘ Read more

The Best Way to Clean a MacBook Air Keyboard: Microfiber Cloth & KeyboardCleanTool
Cleaning the keyboard on a MacBook Air is an essential task, but it can be challenging if you’re trying to avoid unintended keypresses. If you don’t want to type out a bunch of nonsense gibberish from cleaning the keyboard, or accidentally activated a mystery keystroke, then consider using a Mac app to lock down the … [Read More](https://osxdaily.com/2024/04/13/best-way-clean-macbook-ke … ⌘ Read more

How to Use the Apple Watch Keyboard: Typing on Apple Watch Directly, & with Dictation, or iPhone
The Apple Watch may be small and on your wrist, but believe it or not the Apple Watch also has a keyboard. Yes, even with the small screen, you can use a full size QWERTY keyboard on Apple Watch to type things out, whether it’s a quick response to a message, or an email. In … Read More ⌘ Read more

I’m this close to making an Android app for managing a shopping list.

I just accidentally deleted the wrong list in the app that I’m currently using, and now there’s no way to get it back. Recreating it is a major pain, because typing on a phone sucks ass. Fuck.

Maybe I should just go back to using pen and paper …

Maybe increase the amount of text we can type on twtxts? I am running out of space! :-)

Amy Schumer Reveals Cushing syndrome Diagnosis Following Fan Discourse on Puffier Face | THR News Video
Amy Schumer revealed she has been diagnosed with Cushing syndrome following social media comments about her recent appearance. Schumer revealed the news in journalist Jessica Yellin’s newsletter ‘News Not Noise.’ The actress said, “I feel reborn…There are a few types of Cushing. Some that … ⌘ Read more

How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.

The post How to stay safe from repo-jacking appeared first on The GitHub Blog. ⌘ Read more

How to Automatically Fill SMS Passcodes & Security Codes on iPhone, iPad, Mac
Messages for iPhone, Mac, and iPad all contain a really handy feature that autofills security codes that are sent to you via text message. You know the type, as these text message verification codes are often required for signing into financial institutions or many other things that use it as a method of identity and … [Read More](https://osxdaily.com/2024/02/20/how-to-automatic … ⌘ Read more

The soundworld of the river in February is pretty different from August. There are so many sloshy water-type sounds right now. I suspect some of it is actually fishes vocalizing. So hard to tell!

@lyse@lyse.isobeef.org Yeah the func in func threw me off.. The generic type iter.Seq[V] does make things a bit more clear though.

I would love to see a world where ones twtxt feed is defined by webfinger. So @xuu@txt.sour.is => https://text.sour.is/user/xuu/twtxt.txt

Then my identity can exist independent of the feed location. And I can host multiple protocol types for my feed. Ie. http/gopher/Gemini/irc DCC/etc

iOS 17.3.1 Update Released to Fix Overlapping Text Bug on iPhone & iPad
Apple has released iOS 17.3.1 as an update for iPhone, along with iPadOS 17.3.1 for iPad. The small software update includes a bug fix for an issue where text may duplicate or overlap while typing. There do not appear to be any other changes or security fixes in this update. Separately, macOS Sonoma 14.3.1 and … [Read More](https://osxdaily.com/2024/02/08/ios-17-3-1-update-released-to-fix … ⌘ Read more

Status 2024-01-29
Friday is my day off from work, as usual. So when I’m typing this I’m
in front of the hackstation (not a battlestation, obviously) with my
third cup of coffee, writing an update again.

I’ve been doing these status updates on my Gemini log, but I’m
increasingly aware of the dropping amounts of traffic, so I’m thinking
about doing them on the blog instead, but see below for some thoughts
on Gemini.

In which I speak about an intense week, feeling good(?), spending … ⌘ Read more

Fix Step Count in Health App Updating Slowly on iPhone
If you’re the type of person who likes to keep track of their daily step count by using iPhone as a step counter, it is frustrating when the iPhone Health app step counter does not update as frequently as you’d like. Additionally, there are some challenges that are linked to specific step counts, and many … Read More ⌘ Read more

Cost-efficient $39.90 Travel Router with Dual GbE Ports and Flexible Storage Options
Recently, SeeedStudio introduced the LinkStar-H28K-0408, a compact, pocket-sized router that offers advanced connectivity options. This device is equipped with Dual Gigabit Ethernet ports for high-speed internet access and includes a versatile USB Type-C port with Power Delivery support, enhancing its usability and convenience for various applications. Differing from the LinkS … ⌘ Read more

Go 運行時的併發原語
這篇文章我們來了解一下隱藏在 Go 運行時中的一些併發原語， 因爲運行時是底座和包循環依賴等原因，運行時中很少使用標準庫中的併發原語，它有自己的併發原語。mutex在 runtime/runtime2.go[1] 定義了一個互斥鎖，它的定義如下:type mutex struct { lockRankStruct key uintptr}它可是運行時中的大紅人了，在很多數據結構中都被廣泛的使用，凡 ⌘ Read more

How to Disable Inline Text Predictions on iPhone & iPad
The latest versions of iPhone and iPad system software include a feature that offers predictive typing, with typing suggestions shown inline as light gray words that are ahead of your cursor as you type. For example, if you’re typing “how ar” you might see the inline prediction suggest “how are you” as a way to … Read More ⌘ Read more

How to Disable Inline Text Predictions on iPhone & iPad
The latest versions of iPhone and iPad system software include a feature that offers predictive typing, with typing suggestions shown inline as light gray words that are ahead of your cursor as you type. For example, if you’re typing “how ar” you might see the inline prediction suggest “how are you” as a way to … Read More ⌘ Read more

How to Disable Inline Predictive Text Typing on Mac
The latest versions of MacOS offer an inline predictive text feature, which attempt to predict what you may want to type text. You’ll see this appear when typing in many Mac apps as there are words appearing in lighter gray in front of what you are presently typing, which you can complete typing of by … Read More ⌘ Read more

go-elasticsearch 使用指南
本文是 go-elasticsearch 庫的使用指南。go-elasticsearch 是 Elasticsearch 官方提供的 Go 客戶端。每個 Elasticsearch 版本會有一個對應的 go-elasticsearch 版本。官方會維護最近的兩個主要版本。go-elasticsearch 提供了 Low-level 和 Fully-typed 兩套 API。本文以 Fully-ty ⌘ Read more

Go 反射機制揭祕：輕鬆獲取結構體成員類型
*概述Go 語言的反射機制提供了強大的工具，使得在運行時獲取結構體的成員類型成爲可能。本文將介紹如何用反射實現結構體成員類型的獲取，包括結構字段的遍歷、按名稱訪問結構成員、處理匿名字段及內嵌類型，以及解析字段標籤元信息的方法。一、結構字段遍歷值對象及類型對象package mainimport ( “fmt” “reflect”)type User struct { ID int Na ⌘ Read more

Go 反射之 reflect-TypeOf– 和 reflect-Type
*概述在 Go 語言中，反射是一項強大的特性，它允許程序在運行時動態獲取變量的類型信息，進行類型操作與轉換，甚至能夠對結構體和函數進行反射操作。本文將探討 reflect.TypeOf() 和 reflect.Type，揭示 Go 語言 中反射的奧祕。一、reflect.TypeOf() 函數返回反射 Type 對象reflect.TypeOf() 函數用於獲取一個變量的反射 Type 對象。它接 ⌘ Read more

So the APC UPS power pack’s USB port is not capable of providing stable current for both a Macbook and the Iphone, which was also connected to the USB Type-A port next to it. Good to know.

Something weird is happening to the new APC UPS - it has an USB Type-C port - but it seems that the power supply is a bit wonky.

How to Edit Messages on WhatsApp
WhatsApp now offers the ability to edit sent messages, a convenient feature for correcting typos, errors, mistakes, or hastily sent messages that you soon regret. If you’re ever in this situation and using WhatsApp, there’s no need to freak out, because you can simply edit the message, correct or modify whatever you typed or sent, … Read More ⌘ Read more

The Best Free Clipboard History & Clipboard Manager for Mac is Maccy
Maccy is a really good free clipboard manager for the Mac, the type of software that is so good that you’re grateful it is available for free, in the classic spirit of computing and open source software. It’s fast, unobtrusive, allows for text and images, with a great set of features, and a simple to … Read More ⌘ Read more

The Best Free Clipboard History & Clipboard Manager for Mac is Maccy
Maccy is a really good free clipboard manager for the Mac, the type of software that is so good that you’re grateful it is available for free, in the classic spirit of computing and open source software. It’s fast, unobtrusive, allows for text and images, with a great set of features, and a simple to … Read More ⌘ Read more

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post [Getting RCE in Chrome with incomplete object initialization in the Maglev compiler](https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the- … ⌘ Read more

Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post Getting RCE in Chrome with incorrect side effect in the JIT compiler appeared first on [The GitHub Blog](ht … ⌘ Read more

@prologic@twtxt.net Yeah, I got some cash that I will put aside for a rainy day. I initially wanted to buy a kickbike for the dog with that, but he should not be pulling too much until next year’s fall, so I decided not to buy that now.
I’ll put the money aside for next year.
Other then that I got a new harness for me that I use for the dog, we’ve had one but this one is more solid and fits better to my size. That is super useful - and will last for many many years.
Also got a new hiking jacket, cotton jacket, green, outdoor type jacket, that is also something I really wanted, since I do not like those synthetic jackets (sweat too much in that). Also got some chocolate from my kids (Which I love). So I’m very pleased with the gifts :)

@movq@www.uninformativ.de Hahaha, I remember this type of scanner. We had one of those as well.

It’s the same type of antenna on both buildings, all though one is a actual building, and the other is just the antenna with a smaller building under the mesh structure.
I often fly flightsims, its my hobby, so I often work with waypoints, so I now just looked up the waypoint to find it’s information, to do that I looked up the closes airport, then looked around until I found the waypoint:
https://opennav.com/navaid/KR/SEL/ANYANG

So would they really place a navaid on a building that contains a UFO? I do not think so.
Would a UFO crash that close to Seoul without a since photo or video? I do not think so either.

So you would have:

type ErrPermissionNotAllowed []Permission
func (perms ErrPermissionNotAllowed) Is(permission Permission) bool {
    for _, p := range perms {
        if p == permission { return true }
    }
    return false
}
var err error = errPermissionNotAllowed{"is-noob"}

if errors.Is(err, ErrPermissionNotAllowed{}) { ... } // user is not allowed

var e ErrPermissionNotAllowed
if errors.As(err, e) && e.Is("a-noob") { ... } // user is not allowed because they are a noob. 

@lyse@lyse.isobeef.org do you need to have an explicit Is function? I believe errors.Is has reflect lite and can do the type infer for you. The Is is only really needed if you have a dynamic type. Or are matching a set of types as a single error maybe? The only required one would be Unwrap if your error contained some other base type so that Is/As can reach them in the stack.

As is perfect for your array type because it asserts the matching type out the wrap stack and populates the type for evaluating its contents.

Question to all you Gophers out there: How do you deal with custom errors that include more information and different kinds of matching them?

I started with a simple var ErrPermissionNotAllowed = errors.New("permission not allowed"). In my function I then wrap that using fmt.Errorf("%w: %v", ErrPermissionNotAllowed, failedPermissions). I can match this error using errors.Is(err, ErrPermissionNotAllowed). So far so good.

Now for display purposes I’d also like to access the individual permissions that could not be assigned. Parsing the error message is obviously not an option. So I thought, I create a custom error type, e.g. type PermissionNotAllowedError []Permission and give it some func (e PermissionNotAllowedError) Error() string { return fmt.Sprintf("permission not allowed: %v", e) }. My function would then return this error instead: PermissionNotAllowedError{failedPermissions}

At some layers I don’t care about the exact permissions that failed, but at others I do, at least when accessing them. A custom func (e PermissionNotAllowedError) Is(target err) bool could match both the general ErrPermissionNotAllowed as well as the PermissionNotAllowedError. Same with As(…). For testing purposes the PermissionNotAllowedError would then also try to match the included permissions, so assertions in tests would work nicely. But having two different errors for different matching seems not very elegant at all.

Did you ever encounter this scenario before? How did you address this? Is my thinking flawed?

Introduction to SELinux
SELinux is the most popular Linux Security Module used to isolate and protect system components from one another. Learn about different access control systems and Linux security as I introduce the foundations of a popular type system. ⌘ Read more

An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

There was a MrBallen video with the same type of story. Some younger woman died of a heart attack while sitting up in her own coffin.

Rebooting a LUKS Encrypted System Without Typing The Passphrase: https://mckinley.cc/blog/20230526.html

I was able to fix this now, by making a ‘default.nix’ file, and then you can open a shell that has all the stuff needed by simply typing ‘nix-shell’ in the root git directory. Pretty nice, I’m starting to enjoy this OS more and more.

Here I am, looking at my bookshelf, where the ‘12 rules for life’ book sits.
I found the way he had to be put in a coma to get off addiction to his medicine etc fascinating. It felt like the good old ‘do as I say, not as I do’ type of thing. But hey - regardless of who you are or how strong you portray yourself - there can always be hard issues to tackle in life.

yeah but as you can see I can not type a message properly inside termux XD

evolution lets animals age because otherwise they fall into procrastination type paradox situations

On my blog: Normalizing Image Type and Size https://john.colagioia.net/blog/2023/04/05/file-type-size.html #linux #programming #techtips

So. Some bits.

i := fIndex(xs, 5.6)

Can also be

i := Index(xs, 5.6)

The compiler can infer the type automatically. Looks like you mention that later.

Also the infer is super smart.. You can define functions that take functions with generic types in the arguments. This can be useful for a generic value mapper for a repository

func Map[U,V any](rows []U, fn func(U) V) []V {
  out := make([]V, len(rows))
  for i := range rows { out = fn(rows[i]) }
  return out
}


rows := []int{1,2,3}
out := Map(rows, func(v int) uint64 { return uint64(v) })

I am pretty sure the type parameters goes the other way with the type name first and constraint second.

func Foo[comparable T](xs T, s T) int

Should be

func Foo[T comparable](xs T, s T) int

ICYMI: CodeQL enhancements
Learn about CodeQL’s improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications. ⌘ Read more

decided to boot it again. turns out I typed the wrong encryption password yesterday, and instead of saying that it printed that error. booted fine now :)

@prologic@twtxt.net @movq@www.uninformativ.de this is the default behavior of pass on my machine:

Image

I add a new password entry named example and then type pass example. The password I chose, “test”, is displayed in cleartext. This is very bad default behavior. I don’t know about the other clis you both mentioned but I’ll check them out.

The browser plugin browserpass does the same kind of thing, though I have already removed it and I’m not going to reinstall it to make a movie. Next to each credential there’s an icon to copy the username to the clipboard, an icon to copy the password to the clipboard, and then an icon to view details, which shows you everything, including the password, in cleartext. The screencap in the Chrome store is out of date; it doesn’t show the offending link to show all details, which I know is there because I literally installed it today and played with it.

Achtung! The Germans have invaded! At least they seem a bit nicer, even if they type like bots.

so in effect it would look something like this:

---
subject: acct:me@sour.is
aliases:
  - salty:me@sour.is
  - yarn:xuu@ev.sour.is
  - status:xuu@chaos.social
  - mailto:me@sour.is
---
subject: salty:me@sour.is
aliases:
  - acct:me@sour.is
links:
  - rel:    self
    type:   application/json+salty
    href:   https://ev.sour.is/inbox/01GAEMKXYJ4857JQP1MJGD61Z5
    properties:
        "http://salty.im/ns/nick":    xuu
        "http://salty.im/ns/display": Jon Lundy
        "http://salty.im/ns/pubkey":     kex140fwaena9t0mrgnjeare5zuknmmvl0vc7agqy5yr938vusxfh9ys34vd2p
---
subject: yarn:xuu@ev.sour.is
links:
  - rel: https://txt.sour.is/user/xuu
    properties:
        "https://sour.is/rel/redirect": https://txt.sour.is/.well-known/webfinger?resource=acct%3Axuu%40txt.sour.is
---    
subject: status:xuu@chaos.social
links:
   - rel: http://joinmastodon.org#xuu%40chaos.social
     properties:
        "https://sour.is/rel/redirect": https://chaos.social/.well-known/webfinger?resource=acct%3Axuu%40chaos.social
---
subject: mailto:me@sour.is
...

@xuu@txt.sour.is that doesn’t seem to fit the spirit of the spec, at least by my read (I could be wrong obv). The example on Wikipedia’s webfinger page,

{
	"subject": "acct:bob@example.com",
	"aliases": [
		"https://www.example.com/~bob/"
	],
	"properties": {
		"http://example.com/ns/role": "employee"
	},
	"links": [{
			"rel": "http://webfinger.example/rel/profile-page",
			"href": "https://www.example.com/~bob/"
		},
		{
			"rel": "http://webfinger.example/rel/businesscard",
			"href": "https://www.example.com/~bob/bob.vcf"
		}
	]
}

and then the comparison with how mastodon uses webfinger,

{
    "subject": "acct:Mastodon@mastodon.social",
    "aliases": [
        "https://mastodon.social/@Mastodon",
        "https://mastodon.social/users/Mastodon"
    ],
    "links": [
        {
            "rel": "http://webfinger.net/rel/profile-page",
            "type": "text/html",
            "href": "https://mastodon.social/@Mastodon"
        },
        {
            "rel": "self",
            "type": "application/activity+json",
            "href": "https://mastodon.social/users/Mastodon"
        },
        {
            "rel": "http://ostatus.org/schema/1.0/subscribe",
            "template": "https://mastodon.social/authorize_interaction?uri={uri}"
        }
    ]
}

suggests to me you want to leave the subject/acct bit as is (don’t add prefixes) and put extra information you care to include in the links section, where you’re free to define the rel URIs however you see fit. The notion here is that webfinger is offering a mapping from an account name to additional information about that account, so if anything you’d use a "subject": "acct:SALTY ACCOUNT_REPRESENTATION" line in the JSON to achieve what you’re saying if you don’t want to do that via links.

@prologic@twtxt.net That was exactly my thought at first too. but what do we put as the rel for salty account? since it is decentralized we dont have a set URL for machines to key off. so for example take the standard response from okta:

# http GET https://example.okta.com/.well-known/webfinger  resource==acct:bob
{
    "links": [
        {
            "href": "https://example.okta.com/sso/idps/OKTA?login_hint=bob#",
            "properties": {
                "okta:idp:type": "OKTA"
            },
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "titles": {
                "und": "example"
            }
        }
    ],
    "subject": "acct:bob"
}

It gives one link that follows the OpenID login. So the details are specific to the subject acct:bob.

Mastodons response:

{
  "subject": "acct:xuu@chaos.social",
  "aliases": [
    "https://chaos.social/@xuu",
    "https://chaos.social/users/xuu"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://chaos.social/@xuu"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://chaos.social/users/xuu"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe"
    }
  ]
}

it supplies a profile page and a self which are both specific to that account.

@abucci@anthony.buc.ci did you know about the chip inside USB-C cables?

https://connectorsupplier.com/usb-type-c-what-you-need-to-know/

some groups have created their own chips that have hidden keyloggers that can phone home over network connections.

https://shop.hak5.org/products/omg-cable

@prologic@twtxt.net see where its used maybe that can help.
https://github.com/sour-is/ev/blob/main/app/peerfinder/http.go#L153

This is an upsert. So I pass a streamID which is like a globally unique id for the object. And then see how the type of the parameter in the function is used to infer the generic type. In the function it will create a new *Info and populate it from the datastore to pass to the function. The func will do its modifications and if it returns a nil error it will commit the changes.

The PA type contract ensures that the type fulfills the Aggregate interface and is a pointer to type at compile time.

one that i think is pretty interesting is building up dependent constraints. see here.. it accepts a type but requires the use of a pointer to type.

https://github.com/sour-is/ev/blob/main/pkg/es/es.go#L315-L325

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

@carsten@yarn.zn80.net what type of NAS? I just upgraded my oooold (~2008) Drobo to a Synology. I have been impressed with all the neat stuff it can do.

Great, last system update broke something, building from current master I get:

/usr/bin/ld: /lib/x86_64-linux-gnu/libm.so.6: unknown type [0x13] section `.relr.dyn'

What the heck!?

And it also appears that I’m not really able to reproduce this unread bug. It only kind of works a single time. And it has something to do with my config. Not sure what it is yet. I also noticed that the <updated> timestamps in the entries somehow shifted between the old and new feed. Da fuq!?

@abucci@anthony.buc.ci Its not better than a Cat5e. I have had two versions of the device. The old ones were only 200Mbps i didn’t have the MAC issue but its like using an old 10baseT. The newer model can support 1Gbps on each port for a total bandwidth of 2Gbps.. i typically would see 400-500Mbps from my Wifi6 router. I am not sure if it was some type of internal timeout or being confused by switching between different wifi access points and seeing the mac on different sides.

Right now I have my wifi connected directly with a cat6e this gets me just under my providers 1.3G downlink. the only thing faster is plugging in directly.

MoCA is a good option, they have 2.5G models in the same price range as the 1G Powerline models BUT, only if you have the coax in wall already.. which puts you in the same spot if you don’t. You are for sure going to have an outlet in every room of the house by code.

Huh… Nope.

HTTP/1.1 200 OK
Content-Length: 407
Content-Type: text/calendar
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Permissions-Policy: interest-cohort=()
Content-Security-Policy: default-src 'none'; sandbox
Referrer-Policy: same-origin
Vary: Authorization


BEGIN:VCALENDAR
VERSION:2.0;2.0
PRODID:SandCal
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTAMP:20220822T180903Z
UID:bb63bfbd-623e-4805-b11b-3181d96375e6
DTSTART;TZID=America/Chicago:20220827T000000
CREATED:20220822T180903Z
LAST-MODIFIED:20220822T180903Z
LOCATION:https://meet.jit.si/Yarn.social
SUMMARY:Yarn Call
RRULE:FREQ=WEEKLY
DTEND;TZID=America/Chicago:20220827T010000
END:VEVENT
END:VCALENDAR

@prologic@twtxt.net odd is it maybe a wrong mime type thing? Should be text/calendar. Some http servers can mistakenly mark them application/octet-stream

@prologic@twtxt.net correct type parameters. 😅

(cont.)

Just to give some context on some of the components around the code structure.. I wrote this up around an earlier version of aggregate code. This generic bit simplifies things by removing the need of the Crud functions for each aggregate.

A domain object can be used as an aggregate by adding the event.AggregateRoot struct and finish implementing event.Aggregate. The AggregateRoot implements logic for adding events after they are either Raised by a command or Appended by the eventstore Load or service ApplyFn methods. It also tracks the uncommitted events that are saved using the eventstore Save method.

type User struct {
  Identity string ```json:"identity"`

  CreatedAt time.Time

  event.AggregateRoot
}

// StreamID for the aggregate when stored or loaded from ES.
func (a *User) StreamID() string {
	return "user-" + a.Identity
}
// ApplyEvent to the aggregate state.
func (a *User) ApplyEvent(lis ...event.Event) {
	for _, e := range lis {
		switch e := e.(type) {
		case *UserCreated:
			a.Identity = e.Identity
			a.CreatedAt = e.EventMeta().CreatedDate
        /* ... */
		}
	}
}

Events are applied to the aggregate. They are defined by adding the event.Meta and implementing the getter/setters for event.Event

type UserCreated struct {
	eventMeta event.Meta

	Identity string
}

func (c *UserCreated) EventMeta() (m event.Meta) {
	if c != nil {
		m = c.eventMeta
	}
	return m
}
func (c *UserCreated) SetEventMeta(m event.Meta) {
	if c != nil {
		c.eventMeta = m
	}
}

With a domain object that implements the event.Aggregate the event store client can load events and apply them using the Load(ctx, agg) method.

// GetUser populates an user from event store.
func (rw *User) GetUser(ctx context.Context, userID string) (*domain.User, error) {
	user := &domain.User{Identity: userID}

	err := rw.es.Load(ctx, user)
	if err != nil {
		if err != nil {
			if errors.Is(err, eventstore.ErrStreamNotFound) {
				return user, ErrNotFound
			}
			return user, err
		}
		return nil, err
	}
	return user, err
}

An OnX command will validate the state of the domain object can have the command performed on it. If it can be applied it raises the event using event.Raise() Otherwise it returns an error.

// OnCreate raises an UserCreated event to create the user.
// Note: The handler will check that the user does not already exsist.
func (a *User) OnCreate(identity string) error {
    event.Raise(a, &UserCreated{Identity: identity})
    return nil
}

// OnScored will attempt to score a task.
// If the task is not in a Created state it will fail.
func (a *Task) OnScored(taskID string, score int64, attributes Attributes) error {
	if a.State != TaskStateCreated {
		return fmt.Errorf("task expected created, got %s", a.State)
	}
	event.Raise(a, &TaskScored{TaskID: taskID, Attributes: attributes, Score: score})
	return nil
}

The following functions in the aggregate service can be used to perform creation and updating of aggregates. The Update function will ensure the aggregate exists, where the Create is intended for non-existent aggregates. These can probably be combined into one function.

// Create is used when the stream does not yet exist.
func (rw *User) Create(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil && !errors.Is(err, ErrNotFound) {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)

	return session, err
}

// Update is used when the stream already exists.
func (rw *User) Update(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)
	return session, err
}

Progress! so i have moved into working on aggregates. Which are a grouping of events that replayed on an object set the current state of the object. I came up with this little bit of generic wonder.

type PA[T any] interface {
	event.Aggregate
	*T
}

// Create uses fn to create a new aggregate and store in db.
func Create[A any, T PA[A]](ctx context.Context, es *EventStore, streamID string, fn func(context.Context, T) error) (agg T, err error) {
	ctx, span := logz.Span(ctx)
	defer span.End()

	agg = new(A)
	agg.SetStreamID(streamID)

	if err = es.Load(ctx, agg); err != nil {
		return
	}

	if err = event.NotExists(agg); err != nil {
		return
	}

	if err = fn(ctx, agg); err != nil {
		return
	}

	var i uint64
	if i, err = es.Save(ctx, agg); err != nil {
		return
	}

	span.AddEvent(fmt.Sprint("wrote events = ", i))

	return
}

fig. 1

This lets me do something like this:

a, err := es.Create(ctx, r.es, streamID, func(ctx context.Context, agg *domain.SaltyUser) error {
		return agg.OnUserRegister(nick, key)
})

fig. 2

I can tell the function the type being modified and returned using the function argument that is passed in. pretty cray cray.

@prologic@twtxt.net Error handling especially in Go is very tricky I think. Even though the idea is simple, it’s fairly hard to actually implement and use in a meaningful way in my opinion. All this error wrapping or the lack of it and checking whether some specific error occurred is a mess. errors.As(…) just doesn’t feel natural. errors.Is(…) only just. I mainly avoided it. Yesterday evening I actually researched a bit about that and found this article on errors with Go 1.13. It shed a little bit of light, but I still have a long way to go, I reckon.

We tried several things but haven’t found the holy grail. Currently, we have a mix of different styles, but nothing feels really right. And having plenty of different approaches also doesn’t help, that’s right. I agree, error messages often end up getting wrapped way too much with useless information. We haven’t found a solution yet. We just noticed that it kind of depends on the exact circumstances, sometimes the caller should add more information, sometimes it’s better if the callee already includes what it was supposed to do.

To experiment and get a feel for yesterday’s research results I tried myself on the combined log parser and how to signal three different errors. I’m not happy with it. Any feedback is highly appreciated. The idea is to let the caller check (not implemented yet) whether a specific error occurred. That means I have to define some dedicated errors upfront (ErrInvalidFormat, ErrInvalidStatusCode, ErrInvalidSentBytes) that can be used in the err == ErrInvalidFormat or probably more correct errors.Is(err, ErrInvalidFormat) check at the caller.

All three errors define separate error categories and are created using errors.New(…). But for the invalid status code and invalid sent bytes cases I want to include more detail, the actual invalid number that is. Since these errors are already predefined, I cannot add this dynamic information to them. So I would need to wrap them à la fmt.Errorf("invalid sent bytes '%s': %w", sentBytes, ErrInvalidSentBytes"). Yet, the ErrInvalidSentBytes is wrapped and can be asserted later on using errors.Is(err, ErrInvalidSentBytes), but the big problem is that the message is repeated. I don’t want that!

Having a Python and Java background, exception hierarchies are a well understood concept I’m trying to use here. While typing this long message it occurs to me that this is probably the issue here. Anyways, I thought, I just create a ParseError type, that can hold a custom message and some causing error (one of the three ErrInvalid* above). The custom message is then returned at Error() and the wrapped cause will be matched in Is(…). I then just return a ParseError{fmt.Sprintf("invalid sent bytes '%s'", sentBytes), ErrInvalidSentBytes}, but that looks super weird.

I probably need to scrap the “parent error” ParseError and make all three “suberrors” three dedicated error types implementing Error() string methods where I create a useful error messages. Then the caller probably could just errors.Is(err, InvalidSentBytesError{}). But creating an instance of the InvalidSentBytesError type only to check for such an error category just does feel wrong to me. However, it might be the way to do this. I don’t know. To be tried. Opinions, anyone? Implementing a whole new type is some effort, that I want to avoid.

Alternatively just one ParseError containing an error kind enumeration for InvalidFormat and friends could be used. Also seen that pattern before. But that would then require the much more verbose var parseError ParseError; if errors.As(err, &parseError) && parseError.Kind == InvalidSentBytes { … } or something like that. Far from elegant in my eyes.

Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.

It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.

I plan to expand it to handle other event sourcing type things like aggregates and projections.

Find it here: sour-is/ev

@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org

The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more

numpy.unique needs the type to be comparable by < and >, not just ==. that seems like overkill.

Q: Are passphrases really more secure than cryptographically random passwords? 🤔

I have to wonder… It should be possible to do “passphrase” attacks just like “dictionary” attacks? How is a “phrase” any different to the character set you can type? Sure there are more possible “words” (at least) in the English language, but I’m not convinced.

Type X to self-doubt

Custom Post Type: Comment ?~L~X https://notiz.blog/b/5tX

Code scanning finds more vulnerabilities using machine learning
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities. ⌘ Read more

having small “this feels like mdma” type moments during listening to techno & dancing. who knew that ~1000 hours of meditation could have an effect?

there are two types of panpsychism, and they can be distinguished by asking “if i shatter this glass, will it feel pain?”. one answers “yes”, the other answers “no clue, but probably not”

从 CPU 角度理解 Go 中的结构体内存对齐
大家好，我是 Go 学堂的渔夫子。今天跟大家聊聊结构体字段内存对齐相关的知识点。

原文链接： https://mp.weixin.qq.com/s/H3399AYE1MjaDRSllhaPrw

大家在写 Go 时有没有注意过，一个 struct 所占的空间不见得等于各个字段加起来的空间之和，甚至有时候把字段的顺序调整一下，struct 的所占空间又有不同的结果。

本文就从 cpu 读取内存的角度来谈谈内存对齐的原理。

01 结构体字段对齐示例

我们先从一个示例开始。T1 结构体，共有 3 个字段，类型分别为 int8,int64,int32。所以变量 t1 所属的类型占用的空间应该是 1+8+4=13 字节。但运行程序后，实际上是 24 字节。和我们计算的 13 字节不一样啊。如果我们把该结构体的字段调整成 T2 那样，结果是 16 字节。但和 13 字节还是不一样。这是为什么呢？

”`
type T1 struct {

f1 int8  // 1 byte
f2 int64 // ... ⌘ [Read more](https://gocn.vip/topics/20967)```