Hacker Newsnew | past | comments | ask | show | jobs | submit | fanf2's commentslogin

Also NASA / Lockheed Martin https://www.nasa.gov/mission/quesst/

Yeah. The right way to eliminate fork() is to make the usual APIs that modify process state take an explicit process handle, so the same APIs can be used to set up an empty process. They can also be composed in other ways, eg for IPC or debugging.


If the VLA size is not controlled it gives an attacker a primitive for arbitrarily shifting the stack pointer. There isn’t any spec for what is a reasonable limit on a VLA size. https://dotat.at/@/2010-01-22-coroutines-in-less-than-20-lin...


Yes, attacker controlled size without limit is bad (and this is also true for heap allocations). For VLAs there is -Wvla-larger-than that can be used to ensure there is a hard limit. To understand the risks of VLAs one also has to compare it to the alternatives. A fixed-size array on the stack is basically always worse. alloca is substantially worse. heap allocation may be a bit better, but also much slower.



That's a good point, the more precise statement is that Linux exclusively uses gnu11 to compile.

Clang happens to implement gnu11, I think it's the only non-GCC compiler to do so.


Which was largely sponsored by Google, as they removed GCC from Android, and needed to have clang compile the Linux kernel.

For a long time only Android Linux kernel downstream supported it.


I don’t think there’s any branching in intitializer lists or declarations.


Don’t forget when they’re in string literals?


It would be nice if DDG could get rid of the umpteen shitty wikipedia mirrors that clutter up the results.


If the manpage is written with the 4.4BSD -mdoc semantic markup macros then it can contain hyperlinks like

  .Lk https://dotat.at/ "Tony Finch’s web site"
And the mandoc tools will include them in their really nice HTML output. It will also hyperlink .Xr cross-references to other man pages.

https://mandoc.bsd.lv/


The first thing I look at in new DNS code is whether it’s vulnerable to DNS name compression loops. This code passes the test! However it’s vulnerable to dots embedded in labels: it doesn’t escape bytes properly when converting from wire format to text.


Thanks for pointing this out! I’ve created https://github.com/razvandimescu/numa/issues/36


How does one handle dots embedded in a label ? Isn’t that not valid?


should be fixed by #54 in 0.10.3 thanks again!


Let’s Encrypt has been doing DNSSEC validation for years. DNSSEC could have prevented the jabber.ru MITM attack.


When CAMRA was new in the early 1970s, they started a campaign for oversize glasses holding a pint to the line instead of a pint to the rim, so that there would be space for a pint of liquid and a head in the glass. The big breweries hated this idea and mounted a reactionary campaign arguing things like it would be too expensive to replace all the glasses, or serve customers the full measure they had paid for. (My father was a new recruit at Guinness and sadly one of his early tasks was the pint-to-brim campaign.)


I no longer drink in pubs but in my neck of the woods, the pubs that specialised in cask ale often had lined glasses.

The problem was that many people insisted on the glass being filled to the brim, because they felt they were being short changed. So it solved one problem but created another.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: