So today #musl discovered a longstanding 🤦🤦🤦 bug in Linux's ELF loader... For whatever reason, Linux has two copies of the ELF loading code in binfmt_elf.c, one for the main program and the other for the "program interpreter" (dynamic linker). The former handles BSS right but the latter doesn't.

Spicy take: spatial memory unsafety (ala the OpenSSL bug) is a nearly solved problem in C with modern tooling and could be even moreso with a little effort. Temporal memory unsafety is the only hard part and where memory safe languages shine... ..but the need for temporal memory safety can be largely avoided with programming styles that just don't use complicated object lifetimes.

On the verge of Twitter possibly becoming (even more of a) cesspit, and folks rushing to offer inadequate alternatives, some thoughts on what value Twitter has... Why is it that, while other social media and group chat platforms are full of junk from over a year ago being passed around and treated like news, Twitter is on top of uncovering stuff as it happens, debunking bs, and surfacing relevant expertise?

Ok, so my poll a couple days ago came out strongly in favor of 3D printing tweets on main. Little did I suspect the first followup would be in the intersection of 3D printing and infosec... 😬 🧵 coming. Some background: Klipper is the modern motion control & firmware system for these kind of machines, with high level model running on a Python capable host (usually rpi with Linux) & mcu only processing very low level motor stepping, etc.

Short 🧵on philosophy of software and systems. 1/N Often maintaining musl, I encounter attempts to contribute from new folks who see "cleaning something up" or making a minor or questionable optimization as an easy way to get involved, and end up turning them down. 2/N

Following up to explain this for folks who might not realize right away what this means:

They're instructed to make decisions on admissibility for immigration based on the output of Google Translate. 1/N

https://twitter.com/timnitGebru/status/1428829850513645571

This is software that gratuitously inserts gender into nongendered language (possibly radically altering meaning) and reproduces all the biases of the corpus it was trained on. 2/N

Wow, turning Windows Defender off makes Windows like 100x faster and fixes catastrophic OOM crashing. But it's nearly impossible to do on Windows 10 Home. All the old registry ways to disable Defender have been removed, and stopping the service is blocked by some undocumented access control layer. Only group policy can turn it off and Home lacks GP.

TIL there's a company Synology shipping a modified Linux where they just reused a huge range of not-yet-assigned syscall numbers for their own vendor syscalls, and the numbers happen to clash with real syscalls now. Don't buy their junk. If you don't understand how dangerous this is, it means that if you drop a standard Linux binary on their device and try to run it, it will perform random unrelated *operations on the filesystem* when it tries to make new syscalls (including time64 ones).

Some thoughts on privacy I've had for a long time but not really pinned down. A thread. 1/N The TL;DR will basically be: Lack of privacy - especially awareness of such lack - destroys the possibility of one-on-one interpersonal intimacy. 2/N